RPost is a global cloud service provider for secure and certified electronic communications with its patented e-delivery proof, encryption, and e-signature technologies. Millions of users have enjoyed RPost services for more than a decade in more than 100 countries.
This is the Privacy Notice of RPost UK Limited and its related entities providing RPost service operations (RPost Holdings Inc., RPost Communications Limited, RPost Switzerland GmbH, and parent and subsidiary companies of these) (“RPost”) and RPost service providers but only for their customer data processed by RPost services. The registered office of RPost UK Limited is The Glades, Festival Way, Festival Park, Stoke on Trent ST1 5SQ. RPost UK Limited is the company that acts as the Data Processor for the purposes of the scope of the European General Data Privacy Regulation (EU) 2016/679 (GDPR).
RPost’s privacy policies were certified by the US, European and Swiss governments for compliance with the US-EU Safe Harbor and Privacy Shield programs when those programs were generally accepted.
This Privacy Notice is in three sections and describes RPost policies with regards to information privacy as it relates to the use of information for the purposes of providing RPost services (any service provided by RPost including RMail®, RSign®, and Registered Email™ services, or any the RPost® service operations of any service with RPost technology participation) and communications with RPost service users (senders, receivers, customer administrators, offerors, or parties related to them) and prospective users (senders, receivers, customer administrators, offerors, or parties related to them):
A. Personal Data We May Collect While Clients Use Our Service Operations
I. Personal data that we may collect:
- RPost provides services only to clients who have agreed to their terms and conditions, which deal with data protection issues.
- RPost requested all end users update their service operations, since May 2017, to the latest versions. Other than those customers that have not updated their service operations since May 2017, or have requested service processing to be in the United States, all RPost service messages for service operations are processed in secure data centre servers housed in the European Union, with facility operations providing high levels of data security.
- RPost does not collect personal data for service operations other than as noted below. The data that RPost systems may store for limited periods of time are related to processing of messages and their content according to the service features requested by the sender or sender organization, and data associated with the customer entity and customer administrator, as well as the email addresses associated with messages the sender opts to have processed with RPost services.
II. How personal data may be collected
- Provisioning Service. When provisioning service for end users, the customer, RPost staff or reseller administrators may enter information related to the customer in the RPost service provisioning system, which may include data associated with the customer entity and customer administrator, as well as the name and email addresses associated with the sender of messages, and email addresses associated with the recipient of messages the sender opts to have processed with RPost services.
- Normal Service Operations. When a sender or sender organization routes a message to be processed by RPost service operations, RPost receives information contained in the message at its secure data processing centre servers. RPost processes the message according to the instructions of the sender and sender organization, and RPost service operations may record information about the message including message envelope and header data such as sender and recipient email addresses and the subject line content; and message transmission data such as IP addresses and transmission server dialog data. Some of these messages may contain personal data, although not all of them do; if one considers sender and recipient email addresses and IP addresses, as personal data, all the messages would then be considered to contain this type of personal data.
- Support and Authentication. RPost does not look at the contents of these messages other than for RPost servers to perform sender desired functions on the content of these messages; and other than for RPost servers to perform to scan message content and recommend processing or automatically process messages in certain ways based on content or message criteria. Messages submitted to RPost authentication systems for automated delivery evidence investigation and authentication are not maintained by the RPost system after authentication functions are performed and an automated report has been submitted to the submitter, and data is maintained according to the normal service operations of the Registered Receipt™ and Digital Seal® services. RPost may have to access messages to investigate and repair service operations or investigate support issues during message processing, or if a message is submitted to RPost by a service user, by an entity acting on behalf of a service user, or by another party that the service user sent the RPost evidence record to with a support or investigation request, but only for the purpose of a manual support or delivery evidence investigation. Message content submitted for manual support or delivery evidence investigation are evaluated by RPost for the purpose of preparing an analysis per request of the submitter and are purged at the request of the submitter.
- All Data is Treated as if Sensitive and Personal. RPost treats all data as if it was sensitive or personal, even if it is not. RPost does not modify the content of sensitive or personal data in any way unless specific service features are selected that do so, and much of the transmission of content is encrypted.
III. When a Customer uses any of RPost’s Services, RPost may collect the following data
- Main Services. RPost main services that process email include services to track electronic message delivery, record content and timestamp sent and received, encrypt messages in transmission, transmit large files, and manage e-signature processes, record recipient replies, time seal and content authenticate sent messages, and other services as described on its websites and their associated service, international country version, partner, marketing, and operational websites, including these site subdomains and their inter-linked sites:
- RPost®: rpost.com and company.rpost.com
- Registered Email™: registeredemail.com
- SideNote®: sidenote.com
- RMail®: rmail.com
- RSign®: rsign.com
- RForms™: rforms.co
- Administration Data. Message content is received and processed but not considered collected and maintained in the normal service operation. The following data may be collected and maintained in the normal service operation:
- Name and addresses of the Customer and its administrator
- Name and email address of the Sender;
- Email address of the intended recipient;
- Size of the message content sent;
- Passwords associated with the message content;
- Information listed on the subject field and headers of the messages;
- Server transmission metadata including log files and IP addresses associated with
- Service Data. RPost retains most data only during message processing. The timeframes of retention vary based on the service features requested and other instructions provided by the sender or sender administrator. For example, Registered Email™ messages and RMail® encrypted email messages are not retained by the RPost systems except for short periods of time required for the processing, compiling, and quality assurance verification of the Registered Receipt™ email record, which has a normal service operation time period of between several minutes and up to 2 hours from the time of sending, with the variance generally depending on transmission status of each recipient and unless storage extensions are required for service quality assurance and/or requested by the sender organization for API or archive services or for support or delivery status investigate by re-submission to RPost or by agreement with RPost. RMail e-sign services (a/k/a RSign Lite) may retain message content until each recipient of the message sent for recipient signoff has completed the signoff process, with a time limit of 30 days or as requested by the sender organization for archive services. RMail large file transfer services may retain message content until expiration set by the sender or sender organization within a time parameter of 1 to 90 days, with a default of 14 days or as otherwise configured by RPost or the sender or sender organization with the 1 to 90-day timeframe. RSign® e-signature services may retain message content until each recipient of the message sent for recipient signoff has completed the signoff process, with a time limit of 30 days, and may store on behalf of the sender organization copies of signed messages until the sender purges them, with a normal retention period of one year and a normal retention limit of two years, unless extended by the sender organization by agreement with RPost, RPost retains for a longer duration when deletion has not been requested by the customer, or RPost retains for a shorter duration after a customer cancels, is non-paying, or upon customer request; RPost provides each customer administrator the ability to manage retention of electronic files that they or their users may have sent for e-sign. Upon cancelation of a customer account, RPost intends to schedule for deletion all stored messages that had been otherwise retained within the customer account. RPortal customer administration data (information referenced as Administration Data above) is retained for the duration of the customer service agreement and may be retained for audit purposes after termination of the agreement, unless the customer opts not to have this information retained, in which case it shall be retained until billing and payment has been completed; and this data may be accessed by sales organizations provisioning service on behalf of the customer, their management entities, and the customer administrator.
- Secure Transmission. While many messages are received over the internet by a secure channel to the RPost systems, this is not a requirement. It is the responsibility of the sender, their organization, or messaging provider to transmit their messages to the RPost systems through secure channels such as HTTPS or TLS (Transport Layer Security) or using RPost apps that may be configured to transmit messages encrypted using RPost symmetric key encryption from the sender to the RPost systems. While many messages are sent from the RPost systems over the internet by a secure channel to recipient systems, this is not a requirement. It is the responsibility of the sender, their organization, or messaging provider to transmit their messages to the RPost systems with instructions to RPost to encrypt the message in transport to the recipient or recipient messaging gateway encrypted or password protected, should the sender or sender organization opt for such encryption. RPost assumes no responsibility for the security, confidentiality or privacy of files sent to its systems or uploaded to its systems when the encryption options are not used. By using RPost services without encryption options, you acknowledge and agree: (i) to assume sole responsibility for the content and privacy of any files sent or uploaded, hosted and/or transmitted; and (ii) to assume any liability arising from your transmission of, and/or any third party’s receipt of, your messages and files sent via RPost or uploaded to RPost.
- Geography. RPost has requested all end users update their service operations since May 2017 to the latest versions. Other than those customers that have not updated their service operations since May 2017, or have requested service processing to be in the United States, or are customers based in the United States, or are customers that require fallback processing in the United States, all RPost service messages for service operations are processed in secure data centre servers housed in the European Union, with facility operations providing high levels of data security operated within a secure cloud hosting data centre including AWS or comparable. Due to the inherent nature of normal Internet messaging protocols, RPost cannot control what geography a sender may be in when they send message from their systems that are directed for processing at its data centre servers housed in the European Union; RPost cannot control what geography a recipient of a sender’s message may be in when they receive or collect a message from the RPost systems that are processed at its data centre servers housed in the European Union; and RPost can neither control the geographic Internet routing of messages transmitted from senders to RPost data centre servers housed in the European Union nor the geographic Internet routing of messages transmitted from the RPost data centre servers housed in the European Union to the intended message recipients. RPost is not responsible for ensuring Internet message routing remains within the geography of the European Union. Intended recipients of sender’s messages may receive private or personal information that the sender intended to send to the intended recipient, and RPost systems and servers required to process and administer the sender’s message and sender’s account may receive the private or personal information that the sender intended to send to the intended recipient during processing of the message for the timeframes described above.
IV. What we will do and do not do with the personal data we may collect
- What we do: We carry out the Customer’s instructions, according to which services the sender chooses. We use the personal data for billing.
- What we do not do: We will not transfer data received other than for normal service operations according to the services the sender chooses, which includes making billing data available to the sender customer administrator and those parties that make the RPost services available to the sender via service provisioning systems. For GDPR regulated clients or others that have similar regulatory frameworks that purchase services through a service provider qualified to provide RPost services with GDPR compliance (or other similar regulatory framework compliance), we will maintain data storage for the provision of the service in a
country of the European Union. For GDPR regulated clients or others that have similar regulatory frameworks that purchase services through a service provider qualified to provide RPost services with GDPR compliance (or other similar regulatory framework compliance), RPost as the Data Processor currently does not involve any other third party processor except Amazon Web Services (Region EU-Central-1) for providing the RPost Services and for those services’ data storage if any. The contact at Amazon Web Services concerning data protection is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxemburg.
IV. What we offer for European GDPR regulated clients or others that have similar regulatory frameworks that purchases services through a service provider qualified to provide RPost services with GDPR compliance (or other similar regulatory framework compliance):
- Rights of Access, Rectification and Erasure. For a customer (originator of an original RMail message), RPost makes available through its support center, a process to request information about the collected data, rectification of inaccurate data , and erasure of customer data other than metadata without personally identifiable information of the prior existence of the record and its transactions. RPost examines requests for erasure in each individual case as for ensuring RPost deletes all erasable data. Corresponding requests should be addressed as clearly and detailed as possible as a support ticket at https://support.rpost.com. (Data for billing purposes to any active service account will not be deleted; this data is collected for service providing purposes.
- European-Centric Data: A customer that is regulated by GDPR and purchases services through a service provider qualified to provide RPost services with GDPR compliance (or other similar regulatory framework compliance) is set to have personally identifiable information (PII) associated with message records remain in Europe. PII is defined for this purpose as message recipient email addresses and IP address. Message processing in the default state for European customers (who are supplied by the abovementioned category of service providers) is for that message processing to occur in Europe. Access to message transmission reports that contain PII (if any exist) in this default service state is restricted to those customer account managers who have been authorized to have access to manage those customer accounts, the end user who initiates the transaction, and transaction participants. The default service operation limits access to reports that may contain PII to those account administrators.
- Data Masking and Timed Auto-Purge: A customer that is regulated by GDPR and purchases services through a service provider qualified to provide RPost services with GDPR compliance (or other similar regulatory framework compliance) is set to have RSign privacy settings enabled for Data Masking with a range of settings for Data Redaction with Timed Auto-Purge.
B. Personal Data We May Collect for Marketing Our Services
I. Service operations are on distinct systems from management operations
RPost operates entirely separate infrastructures from its service operations, for each of the following functions:
- host and operate its product marketing website
- host and operate its support ticketing centre, web support chat and online knowledge base,
- customer relationship management information, and
- billing information.
Each of these are operated by distinct third-party service and hosting companies.
There is no service message data that is processed by these marketing, support, customer management, and billing systems, other than links to redirect users to log-in to user service interfaces (with the service operations systems that are entirely separate from these management systems) and other than user information that a user may submit into a support ticket or forward to RPost for support service investigation.
If a user submits a Registered Receipt message to its support centre for support analysis, the user is responsible for removing the HTML appended file before submission to RPost, or to understand that by not removing the HTML appended file on the Registered Receipt email record they are consenting to RPost support staff to have a means of reconstructing message and transmission metadata as part of the support investigation.
II. Personal data we may collect for marketing and management operations
RPost marketing and management operations may collect the following information which may be stored in third-party secure customer relationship and customer operations management systems.
- Information that you provide by filling in newsletter, partnership or enquiry forms on our website www.rpost.com, www.rmail.com, www.rsign.com, and other related service websites and marketing landing pages. This information may include, for example, enquiring party name, email address, phone numbers, job title, organisation name.
- Your name, email address, phone numbers, job title, organisation name which you may share through business cards, direct mail, telephonic or in-person contact.
- Personal data which is publicly available from a third party such as held on LinkedIn, Facebook and Twitter and other social media applications.
- When you access our websites noted above and their associated landing pages and websites, details of your visits (including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access).
- We may also ask you for information when you contact us for any enquiries, product demos, partnership information or other business interests. If you contact us, we may keep a record of that correspondence.
III. Where we store your personal data that is part of our marketing and management operations
The data that we collect from you is stored on our customer relationship management, marketing, support, and billing systems and their associated marketing systems. RPost uses third party systems and cannot control where the data from these systems reside, and RPost staff, consultants and sales partners may access some of this information in their efforts to respond to your enquiries in the most suitable manner. Such staff, consultants and sales partners may be engaged in, among other things, the fulfilment of your order and the provision of support services. By submitting your data, you agree to this transfer, storing and/or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with RPost Privacy Policies.
We maintain strict security standards and procedures with a view to preventing unauthorised access to your data by anyone, including our staff not authorized to have access. All our staff and third parties, whenever we hire them to provide support services, are required to observe our privacy standards and to allow us to audit them for compliance.
IV. Why we require this data and what we may collect
RPost may collect data:
- to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such direct marketing purposes;
- to carry out our obligations arising from any contracts entered into between you and us or to manage our relationship with you;
- to meet our ongoing regulatory and compliance obligations, including in relation to recording and monitoring communications, disclosures to tax authorities, financial service regulators and other regulatory and governmental bodies, and investigating or preventing crime;
- to undertake transactional and statistical analysis, and related research;
- to ensure that content from our websites are presented in the most effective manner for you and for your computer (or mobile device), and we may use your information collected from the website to personalise your repeat visits to our website.
- We may also use your data to provide you with information about goods and services of RPost which may be of interest to you and where you have provided consent we may contact you about these by post, telephone, email or text message.
V. Disclosure of your information
We may disclose personal data for internal and administrative purposes and where you give consent, to provide you with information regarding our products, services, future marketing events and job opportunities.
We may disclose personal data to third parties that are specifically engaged by us to provide services to us, in which case we will require those parties to keep that information confidential and secure and use it solely for the purposes of providing the specified services to us.
We may disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
VI. How long we may store your data
Personal data held by us will be kept confidential. How long we may hold your personal data for will vary and will be determined by various criteria, including:
- the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
- legal obligations – laws or regulations may set a minimum period for which we have to keep your personal data.
In the event that RPost, in its sole discretion, determines or suspects that any uploaded file(s) constitute(s), or may give rise to, a violation of any law, copyright, trademark, regulation or the RPost service agreement, or you are otherwise in breach of any provision of the service agreement, RPost reserves the right to remove your stored file(s) and/or to deactivate links to stored file(s) without further notice to you.
VII. Your rights in relation to your data
As a customer of the service, you have a right to view the information RPost holds about you and your users by requesting access to your customer RPortal account administrator access; this information being email addresses of users within the customer domain or account, along with the potential of user names if submitted by the customer administrator, or contact information of a person if provided to RPost. If you are not the customer administrator, it is your responsibility to request such access from your customer administrator.
We take reasonable steps to ensure that the personal data we collect, use or disclose is accurate, complete and up-to-date and is protected with appropriate security.
If you wish us to erase any documents stored associated with your use as an originating sender of RPost service, you may cancel your RPost customer account which will restrict you from originating new messages or accessing your account data, and any documents stored. Upon cancelation of a customer account, RPost intends to schedule for deletion stored documents within the customer account. Upon cancelation, you may still have access as a free user, and your use will constitute continued use as a customer and may prevent or defer deletion of any documents stored however RPost may continue with deletion procedures for non-paying customers.
RPost considers usage data about a customer’s use of the RPost services as data that may be required to be retained to continue processing your personal data and/or comply with potential regulatory or commercial audit requests.
RPost considers information that it may use for marketing purposes that may include your name and email address is information restricted from access to the public other than from when RPost communicates using this information to you, and you may request to opt-out of such communications using technical means provided by RPost in such communications. If you feel these technical means are not restrictive enough, you may request erasure from RPost marketing databases by submitting such a request on the RPost contact form using the “Other” category and specifying your request in detail; RPost may undertake a process to evaluate the request over a reasonably period of time of no less than 90 days and may require you to provide information to identify yourself prior to taking action. These contact forms may be found on some of the RPost websites noted herein. An example contact form for such requests is at https://www.rpost.com/contact/
If you have previously provided your consent to our use of your data and you wish to withdraw consent, you may cancel your services account with RPost, remove any RPost software from your systems, and cease using RPost services. Our retention of use logs may continue for lawful purposes and as described herein.
RPost considers information you may have submitted as a recipient requesting to sign an agreement sent for e-sign by an RPost service user, or information you may have added to an email in reply to an RPost reply service (i.e. Registered Encrypted Reply, Registered Reply, E-Signoff, RSign) is under control of the RPost customer sender and any requests related to this content should be made to that specific RPost service customer that originated the message from which you replied to.
If you have any complaints in relation to the way we have used your personal data, please contact us in the first instance using the web forms mentioned herein. You also have the right to lodge a complaint with the information commissioner’s office of your country or the Information Commissioner’s Office in the United Kingdom at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (Tel: 0303 123 1113), if you think we have infringed your rights, and under certain conditions, you have the right to invoke binding arbitration.
C. Additional Privacy Statement: RMail App for Gmail
The RMail app for Gmail routes outbound Gmail SMTP messages to RMail services by modifying the recipient addresses with a domain extension. The messages are routed using a wildcard MX record and the added recipient domain extensions are removed for processing when received by the RMail service. (For example: To: email@example.com is modified to: firstname.lastname@example.org en route from Gmail servers to RMail service servers; the DNS Lookup for one such extension is *.rpost.biz is MX 10 gate.r1.rpost.net).
In the RMail for Gmail app, the RMail software downloads the draft message to be sent, modifies the recipient addresses in the draft as noted above, sends the modified message to the modified destination as noted above, and deletes the original draft message. Additionally, the RMail software modifies the addresses in the sent item after sending and in the user contacts after sending, to reflect the original correct recipient addresses (without the RMail added domain extension).
Updating the sent item requires listing and downloading the sent item with modified addresses, creating a replacement sent item with the correct original addresses, deleting the sent item with modified addresses. To delete a message (sent item), the only Google provided scope available is https://mail.google.com/ https://developers.google.com/gmail/api/v1/reference/users/messages/delete).
That scope covers all the RMail software needs apart from the Gmail Contacts API used to update the contacts address to return it to its original unmodified address (without the RMail added extension). For contacts management, the RMail software uses: https://www.google.com/m8/feeds/
Therefore, the RMail app for Gmail applies for the above mentioned two scopes, the minimum that the RMail app for Gmail needs. A summary of Scopes and APIs used follow. Scopes: https://mail.google.com/ and https://www.google.com/m8/feeds/. APIs:
RPost uses best efforts to abides by each respective country’s privacy rules and principles as service is taken up in the country. RPost abides by practices and procedures to meet the requirements of the European General Data Protection Regulation and Privacy Shield, the National Privacy Principles of Australia, and the U.S. Privacy Act 1988, as well as other privacy laws specific to other countries and territories.
RPost had been complying with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States while these agreements were generally accepted. It is understood that the provenance of the Privacy Shield Program is uncertain at this time due to geo-political differences and for this reason, RPost has not renewed its certification with the Department of Commerce but has continued to follow the principles that were set forth in the generally accepted EU-U.S. Privacy Shield Framework and SwissU.S. Privacy Shield Framework.
The U.S. based RPost entities are subject to the investigatory and enforcement powers of the Federal Trade Commission, while all RPost entities commit to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC), and comply with the advice given by such authorities with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
RPost will not share your information with third parties for a purpose that is materially different from original purpose(s) without your consent. In instances where RPost shares your information with third parties, RPost shall remain liable under the principles of Privacy Shield if such third parties process such personal information in a manner inconsistent with the Principles, to the extent that RPost’s actions were responsible for the event giving rise to the damage.
If you wish to object to the collection of personal data listed under “data collection and purpose“ RPost asks you to refrain from using the RPost Services, as data collection is directly linked to the provision of the services.
This notice was last updated on December 20, 2020. We reserve the right to change this notice and our privacy policies at any time.