Mailinblack, a société anonyme (limited liability company), registered in the Marseille Register of Commerce under number B 449 002 104, whose head office is located at 53 rue Grignan, 13006 Marseille (hereinafter referred to as “Mailinblack”) is the creator, developer and publisher of the Mailinblack products.

Use of the Mailinblack products and their documentation is exclusively governed by these General Terms of Use and Maintenance (hereinafter referred to as “GTUM”), exclusive of any other documents such as brochures, catalogues or documentation from Mailinblack or the Distributor, which are only provided for information purposes and only serve as a general guide.

Consequently, placing an order with Mailinblack or the Distributor entails the purchaser’s full and unconditional acceptance of these GTUM notwithstanding any stipulation to the contrary (deemed invalid and inapplicable) appearing on the Customer’s purchase orders or on its general terms of purchase or on any document provided by the Customer. No special or contrary condition can take precedence over the present GTUM irrespective of when it may have been brought to the attention of Mailinblack or the Distributor, unless expressly accepted in writing by Mailinblack.

In addition to the rights and restrictions set forth herein, any other indications or restrictions contained in the installation and use instructions for the Mailinblack Products or update notes governing their use are incorporated herein by reference.

 

1. DEFINITIONS

“Customer” means the natural person or legal entity, acting for professional purposes, who orders the Product. Acceptance of these GTUM by an agent is deemed to be made in the name of and on behalf of the Customer by a duly authorised person.

“Cloud” designates the configuration in which the Product and the Data are hosted by Mailinblack and accessible remotely by the End User.

“Order” means, according to the circumstances, any commercial proposal emanating from Mailinblack or the Distributor accepted by the Customer or any order issued by the Customer and accepted by Mailinblack or the Distributor. The Order is considered as appended to these GTUM by reference.

“Distributor” means the natural person or legal entity, a Mailinblack reseller, with whom the Customer placed the order and who supplied the Product to the Customer.

“Documentation” means paper or electronic documentation, including installation manuals and/or access to and use of the Products.

“Data” designates the data, information and documents created or used by the Customer or the Users in the context of using the Product and, where applicable, stored and hosted by Mailinblack (Cloud) or by the Customer (On-Premise), which remain the property of the Customer.

“On-Premise” means the configuration in which the Product and Data are hosted by the Customer in its environment or under its control and responsibility.

“Product” means the software products (in their executable form and, exceptionally, the hardware) and the related Documentation for which the Customer placed an Order. The definition of the Products includes all updates, new versions, patches and improvements provided directly by Mailinblack or via the Distributor.

“Prerequisites” means the infrastructure, including the computer hardware and the software environment, and any other specification or instruction, in which the Product is installed (On-Premise) and/or from which the Users can access and use the Product and that the Customer must implement to enable the installation (On-Premise) and/or the correct use of the Product. The Distributor or Mailinblack will inform the Customer of the Prerequisites, which may change during the Product’s use.

“Services” means the services provided by Mailinblack related to the Products as described herein.

“User” designates the agents or employees of the Customer duly authorised to use the Product, whose compliance with the GTUM the Customer vouches for. The Users may be simple users or administrator users.

“Sell”, “buy”, “sale” or “purchase” designates, concerning the Mailinblack Products, the licensing of the non-exclusive right to use as provided for herein and without transferring ownership.

 

2. PURPOSE OF THESE GTUM AND DESCRIPTION OF PRODUCTS

The Products are email security solutions as described hereinafter and can take many forms, including in particular:

  • MIB-CLOUD: service enabling remote use of the Product via servers managed by Mailinblack
  • MIB-ON PREM: virtual or physical appliance installed in the Customer’s premises containing the Product user licences
  • EASY MANAGE: service enabling remote use of the Product via Distributor-managed servers
  • MIB-SMTP: optional service to use Mailinblack IP addresses to have emails sent by the Customer

The Products are made available in Cloud or On-Premise configurations.

At the request of the Customer and subject to acceptance by Mailinblack, Mailinblack may provide the Customer with a server on which the Product will be installed. In this case, the server will be sold to the Customer at the price mentioned in the Order and will become the property of the Customer. Mailinblack does not give any warranty other than the warranty potentially conceded by the manufacturer on this material, and will have no obligation to maintain this material.

The Products and Services may be sold to the Customer either by Mailinblack or by the Distributor. In the event of commercialisation by a Distributor, the latter is responsible, in all cases, for the obligations related to the sale of the Product. Assistance and maintenance services and hosting services (Cloud) may be provided by Mailinblack or the Distributor, under its liability, as agreed with the Customer.

When the Distributor or any other third party is in charge of the Services and in particular the installation, the hosting and/or the support or any other service related to the Products and the Data, this party provides these services under its own liability, to the exclusion of any liability by Mailinblack.

Thus, these GTUM are intended to govern the terms and conditions under which Mailinblack grants the rights to use the Product and hosts and makes available the Product and the Data (Cloud), as well as the conditions under which the Customer and/or Users install, run (On-Premise) and/or access and use the Product.

The present GTUM also aim to define the terms and conditions under which Mailinblack provides the Services, especially the assistance, warranty and maintenance related to the provision of said Product and, where applicable, hosts the Product and the Data (Cloud) when these services are performed by Mailinblack.

Unless expressly stated otherwise, the GTUM do not include the installation, configuration, adaptation, customisation or suitability of the Product to the specific needs of the Customer, which acknowledges having chosen the Product under its responsibility, according to its needs and constraints.

The GTUM, the Order and, if applicable, any other document referred to in these GTUM or appended by the Parties constitute the “Contract”.

The provisions relating to Personal Data processed in connection with using the Product are set out in the Appendix to these GTUM.

Mailinblack may modify the Services or the features included in the different services, Products or these GTUM, at the end of the current subscription period or with two months’ notice (this time limit will not be applicable in the event of a minor Product update that does not impact a substantial feature of the Product or intended to improve security). In the event of disagreement, the Customer may terminate the contract.

2.1. Product Principle and authentication wait time. Emails received by Users pass through Mailinblack’s server before being routed and stored on the Customer’s email system if they come from an authenticated source.

When an email is received from an unknown sender, an email is sent to that sender for self-authentication via a link and a captcha (or equivalent) to fill in. This email may be customised by the Administrator User on the Product.

The source (sender, email or domain name) can also be manually authenticated by the User on the Product.

Emails from an unauthenticated source remain pending authentication on the Mailinblack server for a period of typically 30 days from 0:00 a.m. of the day after the email was received.

Once a source is authenticated, all emails from that source are immediately delivered to the End User’s email system after transiting through the Mailinblack server.

The pending emails stored on the Mailinblack server waiting for authentication and the list of authorised or banned senders are accessible by each user on the Product.

The Customer acknowledges having read and understood the commercial and technical presentation describing the Product made available to it (especially on the Mailinblack website), undertakes to always comply with the Prerequisites (and instructions and recommendations as well as any updates communicated later) for an installation (On-Premise), correct access and use of the Product and in particular agrees that (i) the Product is not in any way a storage, archiving and/or hosting tool or service for immaterial data, for which Mailinblack or the Distributor cannot be held liable (the Customer will be personally responsible and liable for the processing, backup, storage and daily archiving of its data) and that (ii) if the sender of an email does not identify itself or if the User does not authorise the source within the set timeout period for receiving authentication, the said email is considered as an unsolicited email and is deleted at the end of the said period without any possibility of retrieval. The Customer acknowledges and accepts this mechanism and waives the right to hold Mailinblack or the Distributor liable in the event that data are not routed for this reason.

 

2.2. Guarantee of confidentiality of Data and contents. Mailinblack undertakes to treat all Data as confidential, more specifically under the conditions set out in the Appendix “Personal Data”.

The Customer acknowledges that login credentials allowing Users to access the Product and the Data are strictly personal and confidential. Consequently, it is prohibited to disclose or share them with third parties. In the event that the Customer or a User distributes or uses these elements contrary to their intended purpose, Mailinblack will be entitled to terminate the agreement. To avoid fraudulent use of the Identifiers, the Customer agrees to choose a password that allows a high level of security according to the standards and recommendations currently in force. The Customer alone is liable for the use of these identifiers by third parties, and shall hold Mailinblack harmless against any claim and/or legal proceeding based on the use, fraudulent or not, of these identifiers. In any case, Mailinblack cannot be held liable for fraudulent use of the Identifiers as it does not have the technical means to ensure the identity of people accessing the Product.

 

2.3. Obligation of means. In the context of these GTUM, Mailinblack is bound by an obligation of means. The Product allows the Customer to route all email sent to its domain name through a Mailinblack server whose purpose is to filter unwanted emails. The routing of emails to the User depends either on the authentication performed by the sender or the manual authentication by the User, so that Mailinblack can in no way guarantee that the User will not receive any unsolicited email or that a solicited email is not intercepted by the filter. At any time the User can consult on the Product the exhaustive list of emails that the Product has stopped and may, if it wishes, ask to receive each one of them until the end of the waiting period referred to above (Article 2.1).

 

2.4. Cloud: in this case, Mailinblack undertakes to host the Product and Data on a server and to monitor and maintain this infrastructure in good working order within the framework of an obligation of means and under the conditions specified in the “Personal Data” Appendix.

It is specified that the fee payable by the Customer is exclusive of any additional expenses, in particular the cost of telecommunications and access to the Internet, necessary to access and use the Product or the costs related to the infrastructure on which the Product is installed (On-Premise) and which remain at the Customer’s expense and responsibility.

The Customer undertakes to only place on Mailinblack’s servers Data that it owns or is authorised to hold and which are not likely to affect the good working order of said servers. Where applicable, the Customer undertakes to use data in the form and manner indicated by Mailinblack or the Distributor.

Mailinblack reserves the right to modify or interrupt access to the Product for reasons of security, maintenance, updating or improvement or to change the content without compensation. Whenever possible, Mailinblack will endeavour to minimise inconvenience to the Customer and to inform it prior to an interruption. Mailinblack will not be liable for technical constraints related to the specific characteristics of the Internet network or any interruption that is not attributable to a fault on its part.

 

3. ORDERS AND PAYMENT

These provisions are applicable when the Order is placed with Mailinblack (otherwise, the terms and conditions of the Distributor apply).

Unless Mailinblack expressly indicates otherwise to the Customer, the Order is placed electronically and becomes binding and definitive when the Customer signs the Mailinblack quotation.

Billing is carried out at the time of the Order, notwithstanding the installation of the Product. Payment shall be made by cheque or bank transfer, within 30 days of receipt of the invoice and then at each renewal date of the Contract.

The interest rate for late payment penalties due on the day following the settlement date shall be equal to the interest rate applied by the European Central Bank on its most recent refinancing operation plus 10 percentage points under the conditions set out by Article L446-1 of the French Commercial Code. Late payment penalties are due without the need for a reminder.

In addition, in the event of late payment, the Customer will by operation of law owe Mailinblack lump sum compensation for collection costs equal to the amount in effect determined by decree. When the collection costs incurred exceed the amount of this lump sum indemnity, Mailinblack may request additional compensation, upon proof of such costs.

 

4. TRANSFERRED RIGHTS

The Customer acknowledges that copyright and other rights related in particular to intellectual and industrial property, patents, trademarks, trade secrets, know-how, ideas, concepts and inventions, any interest, covered by applicable law or not, concerning the Products, including but not limited to, any modifications, translations, adaptations, improvements, patches, updates or new versions, derivative works, compilations and technical know-how are and remain reserved at all times to Mailinblack (or, where applicable, to their holder).

Mailinblack grants the Customer a right to install (On-Premise) and use the Product (and its related Documentation) as described in the Order and the corresponding invoice, in its executable form, for the number of licences provided for in the Order. Unless stated otherwise, a licence corresponds to a Customer’s mailbox.

This right of use is personal, limited, temporary, non-transferable and non-exclusive to the Customer and may not be assigned or loaned to other persons. The use of the Product is intended to cover only the Customer’s internal and professional needs. The rights granted further to these GTUM do not have the effect of transferring to the Customer or Users any rights other than those expressly granted herein and as detailed in the Order.

Any use not provided for herein is prohibited and, in particular but without limitation, the Customer (including Users) undertakes not to (nor authorise any third party to do so) (i) install the Product and/or use it for purposes other than those described in the Documentation, (ii) make copies (On-Premise: except the legally authorised backup copy), reproduce, alter, adapt, translate in any way or integrate in any other product, all or any part of the Product or its Documentation, create derivative works from the Product, disassemble or practice reverse engineering or attempt to discover the source codes (deemed strictly confidential), (iii) modify the Product in any way, even to the extent of correcting the errors that it may contain, this competence being exclusively reserved for Mailinblack, (iv) distribute, give or sell under sub-licence, broadcast, assign, rent, lend, lease, sell, give or otherwise transfer for commercial purposes, even free of charge, all or part of the Product, by any means, to any person, except with the express consent of Mailinblack; (v) infringe in any way whatsoever the rights of Mailinblack.

 

5. SUPPORT & MAINTENANCE

These provisions are applicable when the Services are carried out by Mailinblack (in the case where they are provided by the Distributor, the Distributor’s conditions are applicable).

This being said, the level 3 software maintenance services are carried out exclusively by Mailinblack, which thus reserves the right to adapt, modify and correct the Products. In the case where the Distributor is in charge of the Services, it will be the Customer’s sole point of contact for the level 1 and 2 maintenance services.

The Services are valid for a Product regularly ordered, installed and used, and exclusively for the initial installation site of the Product (On-Premise, with a possible site change after informing Mailinblack) and/or the domain name as indicated to Mailinblack.

The Services are provided remotely and include technical support and software maintenance.

5.1. Assistance: this service includes remote technical assistance, via telephone and/or email from Monday to Friday from 8:00 a.m. to 6:30 p.m. except public holidays and when the Customer is informed in advance of the service’s unavailability. It does not cover abusive, repeated requests and/or difficulties that reading the available Documentation can resolve.

5.2. Software maintenance: Mailinblack maintains the Product, which involves providing Product patches and updates required for its normal operation. These patches and updates must be installed and/or authorised by the Customer (if necessary) within a reasonable time after they are made available (On-Premise), except to relieve Mailinblack of any obligation or liability arising from these GTUM. These patches and updates are licensed under the terms of the GTUM unless conditions of use accompany them on a case-by-case basis.

5.3. Limits: Mailinblack reserves the right to discontinue the Maintenance of any version of the Product prior to the version being marketed, provided that the Customer has been so informed three (3) months beforehand (On-Premise).

The Services do not include any services to integrate the Product in the Customer’s technical environment (hardware and software), to communicate with other operating or information systems, to develop specific computer programs, additions or modifications to existing programs, nor any user training, incidents due to misuse of the Product by the Customer, a malfunction of the Customer’s IT environment or a failure or interruption of the telecommunication networks and/or electrical network, as well as any intervention on the Customer’s site.

 

6. PRODUCT WARRANTY

Since the Product falls within an especially complex field of computer technology and, in the current state of knowledge, it cannot be physically tested for all possible uses, no other warranty than those described in the GTUM can be accepted.

The operation of the unmodified Product, properly installed and/or used, especially with regard to Mailinblack’s Prerequisites and instructions, unmodified and regularly updated, is warranted and maintained in compliance with the functional and technical characteristics described in the Documentation, for the term of the contract.

The right to install (On-Premise) and/or use the Product is granted “as is” without any other warranty of any kind, express or implied, regarding its quality, performance or results, or the non-infringement of the rights of third parties.

Mailinblack has an obligation of means and can only be held liable for proven fault or negligence in the performance of its obligations, unless expressly stated otherwise.

 

7. CUSTOMER OBLIGATIONS AND RESPONSIBILITIES

The Customer and the Users must have the skills, hardware and software required to use the Product, as well as meet Mailinblack’s Requirements to install (On-Premise) and/or use the Product. Mailinblack will not be liable for any damage arising from use of the Product in combination with software or hardware used by the Customer or any technical problem of the Customer on its information system.

In the event of On-Premise subscription, it is the responsibility of the Customer to ensure the operation, availability and security of its servers.

The Customer warrants to Mailinblack that the Data do not infringe the rights of third parties and undertakes to comply with all regulations applicable to it related to its use of the Product.

As such, the Customer undertakes to hold Mailinblack harmless against any legal proceeding and/or complaint and/or conviction pronounced against it (especially in the event of a legal proceeding by a User or a third party), including indemnities, court fees and legal fees that could be charged to it, due to a failure of the Customer and/or User to comply with their legal and contractual obligations.

For the MIB-SMTP Product, the Customer undertakes to hold Mailinblack harmless against any damage or any legal proceeding and/or claim and/or condemnation resulting from the Customer’s use of Mailinblack’s IP addresses to send emails.

 

8. EXCLUSION AND LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE LIMITATIONS AND EXCLUSIONS OF LIABILITY SET OUT IN THESE GTUM APPLY, IRRESPECTIVE OF THE GROUNDS OF LIABILITY.

IN NO EVENT SHALL MAILINBLACK BE LIABLE TO THE CUSTOMER, INCLUDING FOR THIRD PARTY CLAIMS, FOR ANY CLAIMS OR COSTS WHATSOEVER RELATING TO ANY INDIRECT DAMAGES, INCLUDING BUT NOT LIMITED TO ANY FOREGONE INCOME, OPERATING LOSSES OR PROFITS, ANY BUSINESS INTERRUPTION RESULTING FROM THE PRODUCT AND ITS DOCUMENTATION, ITS USE OR THE IMPOSSIBILITY OF ACCESSING AND/OR USING IT, OF ITS MAINTENANCE OR IMPOSSIBILITY TO PROVIDE MAINTENANCE, OR EVEN THE PRODUCT’S FAILURE TO RUN WITH ANY OTHER PROGRAM, EVEN IF MAILINBLACK OR THE DISTRIBUTOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IN NO EVENT CAN MAILINBLACK BE HELD LIABLE OR RESPONSIBLE FOR ANY OTHER DAMAGES OTHER THAN THE PROVEN DIRECT DAMAGES THAT ARE ATTRIBUTED TO IT, WITH THE FOLLOWING LIMITATION: IN ANY EVENT, MAILINBLACK’S TOTAL LIABILITY SHALL BE STRICTLY LIMITED AND IN NO CASE EXCEED THE AMOUNT THAT THE CUSTOMER ACTUALLY PAID FOR THE PRODUCT THAT LED DIRECTLY TO THE PREJUDICE DURING THE PERIOD OF TWELVE (12) MONTHS PRECEDING THE EVENT WHICH CAUSED THE DAMAGE.

Neither party shall be liable nor deemed to have failed in its obligations, if such breach is due to an event of force majeure.

Force majeure is considered to be any event beyond the control of one or all of the parties, and in particular civil or foreign wars, riots, fire, water damages of all kinds, accidents, social movements with occupation of the premises, governmental, regulatory or legislative decisions or any other restrictions, natural disasters, interruptions of channels of communication, shortages of energy, raw materials or finished products, or any other cause that would be beyond the control of one of the parties.

 

9. TERM AND TERMINATION

The right to access and/or use the Product remains valid for the term stipulated in the Order. At the end of this term, the grant of these rights is automatically extended for successive terms of the same duration unless otherwise notified by either Party by registered letter with acknowledgement of receipt before the end of the current term.

At the end of each term, Mailinblack or the Distributor may change its licence fee rate. In this case, the Customer then has a period of 30 working days, from the notification of the change, to inform Mailinblack or the Distributor of its acceptance or rejection of the new rate. In the absence of refusal during this period, the Customer will be deemed to have definitively accepted this new rate.

Without prejudice to any damages that they may claim, Mailinblack or its Distributor reserves the right to terminate any right of access and/or use, by operation of law and without judicial intervention, obligation or other responsibility, in the event the Customer breaches these GTUM or any other conditions related to the Product that aren’t remedied eight (8) days after sending a formal notice.

The termination of the contract, for any reason whatsoever, in advance or at its end, will terminate the rights granted herein. Upon termination, for any reason whatsoever, the Customer shall immediately, as applicable, (i) remove the Product from the environment it was installed in, or from any other computer system, storage tool or file (On-Premise) and cease to use it, in any way, (ii) return to Mailinblack or the Distributor any copy of the Product (On-Premise), including any copies and any Documentation and (iii) certify in writing, at the request of Mailinblack or the Distributor, compliance with these obligations. The rights and obligations that, by their nature, must continue after the end of these GTUM will always be applicable.

 

10. APPLICABLE LAW AND JURISDICTION

These GTUM are subject to French law, excluding the Vienna Convention on the International Sale of Goods and rules related to conflicts of law and jurisdictions.

ANY DISPUTE INVOLVING MAILINBLACK RELATED TO THESE GTUM AND THEIR CONSEQUENCES, ESPECIALLY CONCERNING THEIR INTERPRETATION, PERFORMANCE OR TERMINATION, SHALL BE REFERRED TO THE COMPETENT COMMERCIAL COURT IN THE JURISDICTION OF MAILINBLACK’S REGISTERED OFFICE WHERE JURISDICTION IS EXPRESSLY ATTRIBUTED, NOTWITHSTANDING MULTIPLE DEFENDANTS, THIRD PARTY CLAIMS OR INCIDENTAL CLAIMS, INCLUDING FOR EMERGENCY PROCEDURES OR PROCEDURES ON REQUEST.

 

11. GENERAL PROVISIONS

The failure to exercise, the partial exercise or the delay in exercising the rights provided for in these GTUM does not in any way constitute a waiver of the exercise of these rights, nor a waiver of any other right. Any waiver or modification of the GTUM will only be effective if it is provided for in a written document.

If any provision of the GTUM is deemed to be null and void, it will be considered unwritten but the remaining provisions will remain in force and effect unless the cancelled provision is essential to Mailinblack, in which case the contract will be deemed terminated as a whole.

These GTUM constitute all of the rights and obligations governing the use of the Mailinblack Product in place of any previous proposal or agreement, written or verbal.

 

APPENDIX: PERSONAL DATA

The purpose of this appendix is to define the conditions under which Mailinblack undertakes to perform on behalf of the Customer the processing operations for the Personal Data described hereinafter, as part of supplying the Product.

Within the framework of their contractual relations, Mailinblack and the Customer undertake, respectively, to comply with the regulations in force (hereinafter referred to as “Regulations”) concerning the processing of personal data applicable to their activities and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, applicable from 25 May 2018 (hereinafter referred to as the “GDPR”).

The processing of the Customer’s personal data for the Order and Mailinblack’s execution of the Contract as data controller is provided for in the Mailinblack Privacy Policy.

 

I. Definitions

The definition of the words or expressions used in this appendix in upper case is specified in the GTUM or hereinafter.

Data Subject: natural persons whose Personal Data are subject to the Processing.

Personal Data: data which, within the meaning of the Regulations, can be used to designate or identify, directly or indirectly, a Data Subject and are subject to the Processing.

Processing: any operation applied to Personal Data by the Customer as a Controller and by Mailinblack as a Processor in performing the Contract as described below.

 

II. Description of the Processing

Execution of the Contract is likely to result in the Processing described below in accordance with Article 28.3 of the GDPR.

It is reiterated that the Customer acts as the controller and Mailinblack acts as the processor concerning the Processing of Personal Data.

2.1. Nature, purpose and aims of the Processing: Personal Data may be collected, saved, organised, structured, stored, viewed, disseminated, made available or deleted as part of providing the Product and performing the contract.

2.2. Purposes of the Processing: the Processing carried out by Mailinblack as the processor is intended to provide the services resulting from supplying the Product and to perform the Contract and the Customer’s instructions pursuant to the Contract, including, as the case may be, for the purposes of performing maintenance, storage, backup, transmission or data provision operations when emails pass through Mailinblack servers, routing these emails to the Customer’s servers and hosting the Product and Data in the Cloud.

The Processing performed by the Customer via the Product is intended, especially for the User, to manage the emails sent by senders to the Users, to authenticate the senders and retrieve the blocked emails and for the Administrator User to manage the Users and the information provided to Users on how to use the Product.

2.3. Processing Time:

  • User Data for managing access to the Product: term of the Contract (and as long as the User is designated as a user)
  • Sender Data: term of the Contract except for deleting data related to senders the User removed while using the Product
  • Data related to emails passing through Mailinblack’s servers: time required to route the email after authenticating the sender or, in the absence of authentication, quarantine period set by the Customer (usually 30 days).

2.4. Categories of Data Subjects: Users and senders of emails.

2.5. Categories of Personal Data: the categories of Personal Data are determined by the Customer when using the Product. This concerns in principle the following data:

  • For Users: surname, first name, email address, whitelist and blacklist of senders, metadata (subject, date and time, sender, recipient) and content of the email sent to the User.

Optional data: Customer name and logo, IP address, Title, Customer address (postcode, country, State), mobile phone, fax, personal phone, Beeper, title, description, username, initials, webpage, social network pages, as well as any other data included by the Customer in the customisation of emails and authentication pages.

The Customer is informed that Mailinblack does not store the User’s passwords in their original form (a password hash is stored via an irreversible hash function) and that in the event of loss or desire to change a password, the Customer will have to choose a new password.

  • For email senders: email address, metadata (subject, date and time, sender, recipient) and content of the email sent to the User.
  • Data storage related to sending emails for traceability and security purposes:
      • For the user: sender’s email address, recipient’s email address, subject of the email, IP address of the sender used to send the email, date and time, IP address used when connecting to the interface, interface login ID and interface login date and time.
      • For the sender: IP address used when accessing the captcha authentication page, sender email address, date and time of logging in to the interface.

The Customer undertakes not to transfer specific categories of personal data as determined by the Regulations.

 

       III. Customer’s Obligations

The Customer undertakes to comply with its obligations under the Regulations with regard to the Data Subjects.

In particular, but without limitation, the Customer as data controller undertakes to comply with the principles of Personal Data protection to ensure, as far as it is concerned, the security, confidentiality and integrity of Personal Data by implementing appropriate technical and organisational measures, to only send Mailinblack Personal Data lawfully obtained and processed and not to use the Product for purposes that do not comply with the Regulations.

It is the Customer’s responsibility to ensure that the Data Subjects are informed of the Processing carried out. As such, the Customer must inform Users and senders of the Processing of their Personal Data when using the Product. To inform senders, the email sent to them when they send an email to a User will include a default warning indicating that their Personal Data are processed by the Customer as data controller. The Customer may add a link to its privacy policy or to the information to be provided to senders.

In addition, to the extent that the Administrator Users can access User Data, the Customer is responsible for ensuring they are authorised to do so.

The Customer must also ensure that the Product Data are regularly deleted when it is no longer necessary to store them for the purposes of the Processing that it determined.

The Customer chose Mailinblack and the Product under its responsibility, considering in particular that the information provided by Mailinblack presents sufficient guarantees that the Processing satisfies the requirements of the Regulations and guarantees the protection of the rights of the Data Subjects.

The Customer acknowledges the risks and limitations of Data transfers via the Internet and more particularly by email and shall refrain from using this channel to transfer sensitive data in accordance with the recommendations of the CNIL (French Data Protection Agency). Mailinblack cannot be held liable for the loss, illegitimate access or alteration of sensitive data sent by email.

 

       IV. Mailinblack’s Obligations

4.1. Instructions: As a processor, Mailinblack processes Personal Data only on the Customer’s documented instructions for the purposes agreed to by the parties. This Agreement, the Customer’s actions when using the Product and any instructions communicated in writing by the Customer within the scope of the Contract constitute the Customer’s instructions.

If Mailinblack is obliged to transfer data to a third country or an international organisation under European Union law or French law, Mailinblack will inform the Customer, unless prohibited for important reasons of public interest.

4.2. Confidentiality: Mailinblack ensures that the persons authorised to process the Personal Data undertake to comply with the confidentiality of such Personal Data and are aware of the need to protect the Personal Data.

Mailinblack guarantees that the content of emails passing through its servers is treated as strictly confidential information and guarantees that access to these servers is prohibited to anyone who is not bound by a confidentiality undertaking or who is barred by a final court decision.

To protect the confidentiality of the Data, Mailinblack sets up a database that is independent of its other databases of customers and/or prospects and prohibits any use of the information in this database for purposes other than the proper operation of the service.

4.3. Security and subcontractors: Mailinblack takes the protection of Customer Data very seriously and has implemented various measures to protect these data from inappropriate access or use by unauthorised persons. This includes restricting access by Mailinblack’s staff, its subcontractors and its distributors.

Mailinblack uses different partners to host the data of its cloud-based solutions, including Interxion / Safebrands, OVH and Microsoft Azure. These outsourcing partners provide Mailinblack with physical datacentre hosting locations and IaaS and PaaS hosting for cloud computing and storage capacity.

Data access can be divided into two categories: physical access and logical access.

  • Physical access to datacentres and servers containing Data:
    • Physical hosting slots (server bays in clean rooms), as made available to us by Interxion and Safebrands, have physical access that is restricted to Mailinblack teams only. Only explicitly authorised staff can access them.
    • IaaS and PaaS hosting, as provided by OVH and Azure, has physical access restricted to the host’s teams.
    • All the datacentres are monitored 24/7 and their access is secured by several processes: cameras, barriers, identification, badges, biometrics, etc.
  • “Logical” access to data from a network and software perspective is protected in depth by multiple firewalls, secure connections, role-based access controls, and restriction and authentication mechanisms.
    • Most Mailinblack Cloud solutions are shared, which means that Data may be stored on the same physical hardware as other customers’ data. To ensure that each customer can only access its Data, Mailinblack uses logical isolation to isolate access to the Data.
    • Access to the Customer’s functional Data via the provided interface is limited to the authorised Mailinblack technical teams, the Customer’s users, the manager account and the potential Distributor according to the agreements between the Distributor and the Customer.
    • Mailinblack’s subcontractors do not have direct logical access to the Data, but may be required to intervene and access it in the event of an incident or to provide service on behalf of Mailinblack. The subcontractors that can access the data are OVH and Microsoft. They are bound by a strict obligation of confidentiality and we make sure to impose the same undertakings on them as we undertake ourselves.

Below you will find the detailed physical and/or logical security measures of the different Mailinblack subcontractors.

4.4. Requests from data subjects: at the Customer’s request, Mailinblack undertakes to collaborate as far as possible with the Customer to respond to any request from a Data Subject made in accordance with the Regulations concerning his or her Personal Data.

As such, the Customer is informed that it may itself correct or delete the Personal Data on the Product. If a Data Subject sends a request directly to Mailinblack, Mailinblack undertakes to send it as soon as possible to the Customer.

4.5. Customer Information: the Customer may request from Mailinblack the reasonable information required to demonstrate compliance with its obligations under Article 28 of the GDPR and to permit audits, including inspections, by the Customer or another auditor it has appointed, for the purposes of verifying compliance with the provisions of this Appendix and subject to the signature of a dedicated confidentiality agreement.

Mailinblack will, insofar as possible, inform the Customer if Mailinblack is aware of an instruction which, in its opinion, constitutes a violation of the applicable provisions.

Mailinblack will inform the Customer of any violation of the Customer’s Personal Data immediately upon learning of it.

4.6. Restitution and/or deletion of Personal Data:

  • Email from an authenticated source is not retained beyond the time it takes to deliver it to the Customer (maximum of 5 days if the customer’s mail server does not respond);
  • Emails pending authentication are not stored beyond the maximum quarantine holding period (30 days);
  • Upon termination of the Contract, Mailinblack may return and delete the Customer Data hosted in connection with using the Product within a maximum period of 60 days from the effective date of the Contract’s termination.

Logs can be kept for one year for security reasons.

4.7. Location of Personal Data: Personal Data is hosted by Mailinblack in France (Roubaix, Marseille or Paris).

4.8. Subcontractors of Mailinblack: the Customer authorises Mailinblack to use subcontractors to host the Products and to supervise the infrastructure (Cloud), as mentioned in article 4.4 above, for which Mailinblack undertakes to demand from them compliance with the obligations applicable to Personal Data. Mailinblack remains liable to the Customer for the Contract’s performance.

The Customer is informed and accepts that Mailinblack uses the subcontractors identified above or in any subsequent communication from Mailinblack, it being specified that the Customer can access the privacy and security policies of the subcontractors on their respective websites or on request sent to Mailinblack.

Mailinblack will inform the Customer in advance of any planned changes concerning the addition or replacement of other subcontractors and the Customer may object within 15 days to such changes while indicating the reasons for these objections.

In the case of an On-Premise subscription or Data hosting by the Distributor or any third party, the provisions of this Appendix shall not be applicable or enforceable against Mailinblack for Data that is not hosted or placed under its responsibility.