EFFECTIVE DATE: MAY 25, 2018
Your Work is Safe with Us
Our Collection and Use of Personal Information
Pobuca is a website provided by Pobuca Ltd.
Your Trust is of the Utmost Importance To Us, and We Will Never Betray It.
You have chosen to trust us with your professional address book and contact data. We are careful to be very clear when requesting the information that, while personally identifying you (“Personal Information”), is required for the successful operation of the Service. Such information includes personal information you provide to create a personal access login for our Service; we use that information to contact you regarding your use of the Service. Our business is NOT in selling the private contact data from your address book. Our business is in providing you a safe, secure place to unify your address books and keep them all up-to-date, clean and complete.
We collect information under the direction of our clients but do not have direct relationship with the individuals or companies whose data are being processed. If you are a customer of one of our clients and you would like to no longer be contacted by our client who uses our services or to alter or delete inaccurate data, please inform our client directly.
Please be informed that we use third parties to provide the necessary software, hardware, emailing, networking, storage and related technology necessary to run the Service. These third parties are only allowed access to the minimum necessary amount of data for the successful operation of the Service and are GDPR compliant.
Private contact data stored in your address book contains sensitive information like your company’s clients, phone numbers, addresses, photos and email addresses. We consider your private contact data to be privileged information and we will never sell, rent or lease your private contact data. You control who has access to it.
Profile and demographic data we collect may be used to personalize your experience with the Service and display information on this web site and any requested email communications in a way that is more relevant to you. We also compile, in the aggregate only, statistically and anonymously, demographic and product use information, and may, from time to time, choose to make that aggregate information available to the public.
We strictly adhere to a permission-based only email policy. As our customer, your email address is only used to send information that you have requested and to contact you to provide information about your account, subscriptions, billing, and updates to the Service, including information about new features, security or other technical issues. We may also contact you regarding third-party inquiries we receive regarding use of the Service, as described in your agreement. You will not be able to unsubscribe from these non-promotional communications, as they refer to the provision of the Service itself.
As required for complete use of our email marketing software, we allow you to elect to receive, or to not receive, certain information from us, such as our commercial offers or advertisements. Except as mentioned herein, we will not send unsolicited email information. We will not sell, or lease our contact lists nor our customer’s contact lists (including customer data) to any third party. All opt-in emails we send in response to your request have an easy, one-click unsubscribe function for recipients. Unsubscribe requests are fulfilled without further communication being sent to requesting users.
We may only use contact information of your address book, if you agree to provide it to us, for the limited purpose of sending them an invitation to use the Service or other products of our company; we may contact those individuals -after asking your consent to do so - with communications that may include information about you, such as your name and profile photo, for reference purposes only.
You may authorize other websites such as Facebook, Twitter, LinkedIn, Google Analytics, Google Webmasters, Bing Webmasters, Crashlytics to import information to the Service.
By using the Service and accepting it’s terms and conditions, you expressly consent to the information handling practices described in this policy. If you do not want information about you to be used in the manner set forth in this policy, please do not use the Service.
Contact Data and Contact Record
The administrator/s are in control of your contact data. All users with the same e-mail address (for example email@example.com) will have access to the same address books and information.
We will retain your data for as long as your account is active for the provision of the Service. After your account becomes inactive, a backup of your data will be retained for a period of 35 days, in case you wish to reactivate your account. If wish though, that back up period can be skipped and your data can be deleted immediately after your account becomes inactive.
Any information your administrator/s choose to delete will be permanently deleted from our system.
With whom we share Information
Third Party Websites
Our accounts require that you log in with a username and password. You must secure your login credentials from unauthorized use by a third party.
Please understand that account passwords are encrypted. We cannot see your password; we can only reset them.
The Security and Protection of Other Intellectual Assets
We ensure that all subscriber lists, email content, phone numbers and reports remain private and confidential. We will not sell, lease, or invite external access to a customer’s contact lists.
Cookies and Other Tracking Technologies
We use temporary and permanent cookies to enhance your experience of the Service. Temporary cookies will be removed from your computer each time you close your browser. In the service, a permanent cookie will be stored in your computer and you will not be required to sign-in by providing complete login information each time you return to our website. If you have turned cookies off, you may not be able to use registered areas of the website. We tie cookie information to your email address when you elect to remain logged in so as to maintain and recall your preferences within the website.
Technologies such as: cookies, beacons, tags and scripts may be used by us and our partners [, affiliates, or service providers [such as analytics service providers]. These technologies may be used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
We use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences only for authorization and authentication purposes. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use LSOs such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs.
We will have access to third party personal information provided by you as part of using the Service. This information may include third party names, email addresses, phone numbers and physical addresses and will be used for servicing your requirements as expressed by you to us and solely as part and parcel of your use of the Service. We do not share this third-party personal information with anyone for promotional purposes, nor do we utilize it for any purposes not expressly consented to by you. When you elect to refer friends to the website, we request their email address and name to facilitate the request and deliver a onetime email. To that same email, your friend will notified that he may contact us at firstname.lastname@example.org to request that we remove this information from our database.
Communications from Us
Updates and Offers. After an initial email welcoming new user and verifying their new account and confirming their passwords and usernames, established users may receive occasional information on our company’s products, services, special deals, and recent news and events or advertisements. Our customers are given the option to not receive these types of communications by using the unsubscribe functionality appearing at the bottom of each email. However, you will continue to receive essential transactional emails.
Service Alerts and Announcements. As required, we may email a service-related announcement. For instance, if our service is temporarily disrupted for any reason, we might send users an email. In general, users may not opt-out of these communications from us; however, their own email filters could block receipt. These mandatory communications are not promotional in nature.
Customer Service. In accordance with the user’s selection, we regularly respond to users’ service requests and account inquiries via either email or ticketing.
Website Usage. At times, we may use your IP address to help diagnose problems with our hardware and software infrastructure, and to administer our website. We also use tracking information to analyze user visits to different pages on our site. We track what information individual users read or view. We also track how often each page is visited. This helps us design and operate a website that delivers the information you want.
Contact Us About Privacy. Ensuring that the information you provide through this website remains private is important to us as we seek to build strong and enduring customer relationships, and so, we want you to know the specific information we gather about our customers and how we use that information. If, at any time, you have questions or concerns about our privacy practices, please feel free to contact us at email@example.com.
All users are bound by the personal data laws and regulations applied in the country of use of the Service.
Security. Users have entrusted Pobuca with their contact data, and we make it a priority to take our users’ security and privacy concerns seriously. We strive to ensure that user data is kept securely, and that we collect only as much personal data as is required to provide our services to users in an efficient and effective manner.
Application and User Security
SSL/TLS Encryption: All communications with the pobu.ca website are sent over SSL/TLS connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology (the successor technology to SSL) protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.
User Authentication: User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. Pobuca issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user. Τo supplement the password as a means of access control, we are adopting multi-factor authentication, that includes other methods of demonstrating user’s identity, related to your use of the Service.
User Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed.
Pobuca is hosted in Microsoft Azure which is compliant with G.D.P.R requirements and addresses security risks across its infrastructure, such as:
Update management: Security update management helps protect systems from known vulnerabilities. Azure uses integrated deployment systems to manage the distribution and installation of security updates for Microsoft software. Azure uses a combination of Microsoft and third-party scanning tools to run OS, web application, and database scans of the Azure environment.
Physical Security: Pobuca runs in geographically distributed Microsoft facilities, sharing space and utilities with other Microsoft Online Services. Each facility is designed to run 24x7x365 and employs various measures to help protect operations from power failure, physical intrusion, and network outages. These datacenters comply with industry standards (such as ISO 27001) for physical security and availability. They are managed, monitored, and administered by Microsoft operations personnel.
Monitoring and logging: Centralized monitoring, correlation, and analysis systems manage the large amount of information generated by devices within the Azure environment, providing continuous visibility and timely alerts to the teams that manage the service. Additional monitoring, logging, and reporting capabilities provide visibility to customers.
Penetration testing: Microsoft conducts regular penetration testing to improve Azure security controls and processes. Therefore, Microsoft has established a policy for customers to carry out authorized penetration testing on their own—and only their own—applications hosted in Azure.
DDoS Protection: Azure has a defense system against Distributed Denial-of-Service (DDoS) attacks on Azure platform services. It uses standard detection and mitigation techniques. Azure’s DDoS defense system is designed to withstand attacks generated from outside and inside the platform.
Organizational & Administrative Security
Employee Screening: We perform background screening on all employees.
Training: We provide security and technology use training for employees.
Service Providers: We screen our service providers and bind them under contract to appropriate confidentiality obligations if they deal with any user data.
Access: Access controls to sensitive data in our databases, systems and environments are set on a need-to-know / least privilege necessary basis.
Audit Logging: We maintain and monitor audit logs on our services and systems.
Information Security Policies: We maintain internal information security policies, including incident response plans, and regularly review and update them.
Software Development Practices
Coding Practices: Our engineers use best practices and industry-standard secure coding guidelines to ensure secure coding.
Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Pobuca learns of a security breach, we will notify you immediately in order for you to proceed to the actions provided by the applicable law to the relevant. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulation, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.
Your rights on your data
You have the right to ask from us access to and rectification or erasure of your personal data or restriction of processing or to object to the processing, as well as the right to data portability, by contacting us. For any processing where legal basis is your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You also have the right to lodge a complaint with the Data Protection Authority, if you believe your data has been processed illegally.
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any data you download to your own computer away from prying eyes.