Home

Data Protection Agreement — Annex 1, List of Parties, Description of Transfer and competent supervisory authority

A. LIST OF PARTIES

Data Exporter(s):

Name
Your name address and contact details as provided to Fastmail as part of your purchase of the Service.
Activities relevant to the data transferred under these Clauses
Providing Account Data to Fastmail. Using the Service to process Communications Data.
Role
Controller

Data Importer(s):

Name
Fastmail Pty Ltd (ABN 31 142 646 580)
Address
PO Box 234, Collins Street West, VIC 8007, Australia
Contact person’s name, position, and contact details
dataprotection@fastmailteam.com
Fastmail Pty Ltd PO Box 234 Collins St West VIC 8007 Australia
Activities relevant to the data transferred under these Clauses
Processing Account Data as Controller and Communications Data as processor.
Role
Controller of Customer Account Data. Processor of Account Data associated with users who are not Customers and Communications Data

B. DESCRIPTION OF TRANSFER

Transfer Controller to Controller

Categories of Data Subjects whose Personal Data is transferred

Customers. Data Subjects whose accounts are managed by Customers. Data Subjects that communicate using the Service. Data Subjects whose personal information is included in communications made using the Service.

Categories of Personal Data transferred

Data relevant to the Customer relationship with an individual, including without limitation:

  • Full name (first and last name, where applicable);
  • Personal contact information (for example, phone number, email address);
  • Business contact information (for example, phone number, email address, billing address);
  • Technical ID data (such as IP addresses); and
  • Financial / billing data.
  • Usage data

The range of Personal Data that may be contained in communications sent using the platform is unlimited. The range of Sensitive Data that may be included in Communications Data sent using the platform is unlimited. The security of Communications data is assured by the measures outlined in Annex 2.

The frequency of the transfer

The transfer of Account Data is one off (subject to updating). The transfer of Communications data is ongoing.

Nature of the processing

Collection, storage, retrieval, and delivery.

Purpose(s) of the data transfer and further processing

Collecting, recording, replicating and storing the data for the purposes of:

  • Delivery of service;
  • Account management;
  • Customer support or maintenance;
  • Information and database administration (the maintenance of information or databases as a reference tool or general resource);
  • Marketing or customer engagement;
  • Data analytics, or business intelligence;
  • Market research;
  • Sale or acquisition of a business;
  • Risk management and quality control; and
  • Centralisation of data processing activities.

The period for which the Personal Data will be retained, or, if that is not possible, the criteria used to determine that period

Account data will be held during the period of service and for six (6) years following the end of the Customer service relationship. Communications Data will be held until deleted by the Customer or as required by law, or no more than twelve (12) months following the end of the Customer service relationship. Exact duration is dependent on the length of the Customer service relationship.

Transfer Processor to Controller

Categories of Data Subjects whose Personal Data is transferred

Customers. Data Subjects whose accounts are managed by Customers. Data Subjects that communicate using the Service. Data Subjects whose personal information is included in communications made using the Service.

Categories of Personal Data transferred

Data relevant to the customer relationship between Customers and Data Subjects whose account are managed by Customers including without limitation:

  • Full name (first and last name, where applicable);
  • Personal contact information (for example, phone number, email address);
  • Business contact information (for example, phone number, email address, billing address);
  • Technical ID data (such as IP addresses);
  • Financial / billing data;
  • Usage data

The range of Personal Data that may be contained in communications sent using the platform is unlimited. The range of Sensitive Data that may be included in Communications Data sent using the platform is unlimited. The security of Communications data is assured by the measures outlined in Annex 2.

The frequency of the transfer

The transfer of Account Data is one off (subject to updating). The transfer of Communications data is ongoing.

Nature of the processing

Collection, storage, retrieval, and delivery.

Purpose(s) of the data transfer and further processing

Collecting, recording, replicating and storing the data for the purposes of:

  • Delivery of service;
  • Account management;
  • Customer support or maintenance;
  • Information and database administration (the maintenance of information or databases as a reference tool or general resource);
  • Marketing or customer engagement;
  • Data analytics, or business intelligence;
  • Market research;
  • Sale or acquisition of a business;
  • Risk management and quality control; and
  • Centralisation of data processing activities.

The period for which the Personal Data will be retained, or, if that is not possible, the criteria used to determine that period

Service Account Data will be held during the period of service and for six (6) years following the end of the Customer service relationship. Communications Data will be held until deleted by the Customer or as required by law, or no more than twelve (12) months following the end of the Customer service relationship. Exact duration is dependent on the length of the Customer service relationship.

For transfers to (sub-)processors, also specify subject matter, nature, duration of processing

Account data will be held during the period of service and for six (6) years following the end of the Customer service relationship.

Transfer controller to processor

Categories of data subjects whose personal data is transferred

Account Information associated with data subjects whose accounts are under control of Fastmail. Account information of a Customer, where the Customer is an account administrator for third parties, a corporation or a reseller. Data subjects that communicate using the Service. Data subjects whose personal information is included in communications made using the Service.

Categories of personal data transferred

Data relevant to the Customer relationship with an individual, including without limitation:

  • Full name (first and last name, where applicable);
  • Personal contact information (for example, phone number, email address);
  • Business contact information (for example, phone number, email address, billing address);
  • Technical ID data (such as IP addresses); and
  • Financial / billing data.
  • Usage data

The range of Personal Data that may be contained in communications sent using the platform is unlimited. The range of Sensitive Data that may be included in Communications Data sent using the platform is unlimited. The security of Communications data is assured by the measures outlined in Annex 2.

The frequency of the transfer

The transfer of Account Data is one off (subject to updating). The transfer of Communications data is ongoing.

Nature of the processing

Collection, storage, retrieval, and delivery.

Purpose(s) of the data transfer and further processing

Collecting, recording, replicating and storing the data for the purposes of:

  • Delivery of service;
  • Account management;
  • Customer support or maintenance;
  • Information and database administration (the maintenance of information or databases as a reference tool or general resource);
  • Marketing or customer engagement;
  • Data analytics, or business intelligence;
  • Market research;
  • Sale or acquisition of a business;
  • Risk management and quality control; and
  • Centralisation of data processing activities.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

Account data will be held during the period of service and for six (6) years following the end of the Customer service relationship. Communications Data will be held until deleted by the Customer or as required by law, or no more than twelve (12) months following the end of the Customer service relationship. Exact duration is dependent on the length of the Customer service relationship.

Transfer processor to processor

Categories of data subjects whose personal data is transferred

Account Information associated with data subjects whose accounts are under control of Fastmail. Account information of a Customer, where the Customer is an account administrator for third parties, a corporation or a reseller. Data subjects that communicate using the Service. Data subjects whose personal information is included in communications made using the Service.

Categories of personal data transferred

Data relevant to the customer relationship between Customers and data subjects whose account are managed by Customers including without limitation:

  • Full name (first and last name, where applicable);
  • Personal contact information (for example, phone number, email address);
  • Business contact information (for example, phone number, email address, billing address);
  • Technical ID data (such as IP addresses); and
  • Financial / billing data (including bank account numbers).
  • Usage data

The range of Personal Data that may be contained in communications sent using the platform is unlimited. The range of Sensitive Data that may be included in Communications Data sent using the platform is unlimited. The security of Communications data is assured by the measures out line in Annex 2.

The frequency of the transfer

The transfer of Account Data is one off (subject to updating). The transfer of Communications data is ongoing.

Nature of the processing

Collection, storage, retrieval, and delivery.

Purpose(s) of the data transfer and further processing

Collecting, recording, replicating and storing the data for the purposes of:

  • Delivery of service;
  • Account management;
  • Customer support or maintenance;
  • Information and database administration (the maintenance of information or databases as a reference tool or general resource);
  • Marketing or customer engagement;
  • Data analytics, or business intelligence;
  • Market research;
  • Sale or acquisition of a business;
  • Risk management and quality control; and
  • Centralisation of data processing activities.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

Service Account Data will be held during the period of service and for six (6) years following the end of the Customer service relationship. Communications Data will be held until deleted by the Customer or as required by law, or no more than twelve (12) months following the end of the Customer service relationship. (Exact duration is dependent on the length of the Customer service relationship).

For transfers to (sub-)processors, also specify subject matter, nature, duration of processing

Account data will be held during the period of service and for six (6) years following the end of the Customer service relationship. Communications Data will be held until deleted by the Customer or as required by law, or no more than twelve (12) months following the end of the Customer service relationship. Exact duration is dependent on the length of the Customer service relationship.

C. COMPETENT SUPERVISORY AUTHORITY

Transfer Controller to Controller

The Data Protection Commission of the Republic of Ireland