Data Protection Agreement — Annex 1, List of Parties, Description of Transfer and competent supervisory authority
A. LIST OF PARTIES
Data Exporter(s):
- Name
- Your name address and contact details as provided to Fastmail as part of your purchase of the Service.
- Activities relevant to the data transferred under these Clauses
- Providing Account Data to Fastmail. Using the Service to process Communications Data.
- Role
- Controller
Data Importer(s):
- Name
- Fastmail Pty Ltd (ABN 31 142 646 580)
- Address
- PO Box 234, Collins Street West, VIC 8007, Australia
- Contact person’s name, position, and contact details
- dataprotection@fastmailteam.com
Fastmail Pty Ltd PO Box 234 Collins St West VIC 8007 Australia - Activities relevant to the data transferred under these Clauses
- Processing Account Data as Controller and Communications Data as processor.
- Role
- Controller of Customer Account Data. Processor of Account Data associated with users who are not Customers and Communications Data
B. DESCRIPTION OF TRANSFER
Transfer Controller to Controller
Categories of Data Subjects whose Personal Data is transferred
Customers. Data Subjects whose accounts are managed by Customers. Data Subjects that communicate using the Service. Data Subjects whose personal information is included in communications made using the Service.
Categories of Personal Data transferred
Data relevant to the Customer relationship with an individual, including without limitation:
- Full name (first and last name, where applicable);
- Personal contact information (for example, phone number, email address);
- Business contact information (for example, phone number, email address, billing address);
- Technical ID data (such as IP addresses); and
- Financial / billing data.
- Usage data
The range of Personal Data that may be contained in communications sent using the platform is unlimited. The range of Sensitive Data that may be included in Communications Data sent using the platform is unlimited. The security of Communications data is assured by the measures outlined in Annex 2.
The frequency of the transfer
The transfer of Account Data is one off (subject to updating). The transfer of Communications data is ongoing.
Nature of the processing
Collection, storage, retrieval, and delivery.
Purpose(s) of the data transfer and further processing
Collecting, recording, replicating and storing the data for the purposes of:
- Delivery of service;
- Account management;
- Customer support or maintenance;
- Information and database administration (the maintenance of information or databases as a reference tool or general resource);
- Marketing or customer engagement;
- Data analytics, or business intelligence;
- Market research;
- Sale or acquisition of a business;
- Risk management and quality control; and
- Centralisation of data processing activities.
The period for which the Personal Data will be retained, or, if that is not possible, the criteria used to determine that period
Account data will be held during the period of service and for six (6) years following the end of the Customer service relationship. Communications Data will be held until deleted by the Customer or as required by law, or no more than twelve (12) months following the end of the Customer service relationship. Exact duration is dependent on the length of the Customer service relationship.
Transfer Processor to Controller
Categories of Data Subjects whose Personal Data is transferred
Customers. Data Subjects whose accounts are managed by Customers. Data Subjects that communicate using the Service. Data Subjects whose personal information is included in communications made using the Service.
Categories of Personal Data transferred
Data relevant to the customer relationship between Customers and Data Subjects whose account are managed by Customers including without limitation:
- Full name (first and last name, where applicable);
- Personal contact information (for example, phone number, email address);
- Business contact information (for example, phone number, email address, billing address);
- Technical ID data (such as IP addresses);
- Financial / billing data;
- Usage data
The range of Personal Data that may be contained in communications sent using the platform is unlimited. The range of Sensitive Data that may be included in Communications Data sent using the platform is unlimited. The security of Communications data is assured by the measures outlined in Annex 2.
The frequency of the transfer
The transfer of Account Data is one off (subject to updating). The transfer of Communications data is ongoing.
Nature of the processing
Collection, storage, retrieval, and delivery.
Purpose(s) of the data transfer and further processing
Collecting, recording, replicating and storing the data for the purposes of:
- Delivery of service;
- Account management;
- Customer support or maintenance;
- Information and database administration (the maintenance of information or databases as a reference tool or general resource);
- Marketing or customer engagement;
- Data analytics, or business intelligence;
- Market research;
- Sale or acquisition of a business;
- Risk management and quality control; and
- Centralisation of data processing activities.
The period for which the Personal Data will be retained, or, if that is not possible, the criteria used to determine that period
Service Account Data will be held during the period of service and for six (6) years following the end of the Customer service relationship. Communications Data will be held until deleted by the Customer or as required by law, or no more than twelve (12) months following the end of the Customer service relationship. Exact duration is dependent on the length of the Customer service relationship.
For transfers to (sub-)processors, also specify subject matter, nature, duration of processing
Account data will be held during the period of service and for six (6) years following the end of the Customer service relationship.
Transfer controller to processor
Categories of data subjects whose personal data is transferred
Account Information associated with data subjects whose accounts are under control of Fastmail. Account information of a Customer, where the Customer is an account administrator for third parties, a corporation or a reseller. Data subjects that communicate using the Service. Data subjects whose personal information is included in communications made using the Service.
Categories of personal data transferred
Data relevant to the Customer relationship with an individual, including without limitation:
- Full name (first and last name, where applicable);
- Personal contact information (for example, phone number, email address);
- Business contact information (for example, phone number, email address, billing address);
- Technical ID data (such as IP addresses); and
- Financial / billing data.
- Usage data
The range of Personal Data that may be contained in communications sent using the platform is unlimited. The range of Sensitive Data that may be included in Communications Data sent using the platform is unlimited. The security of Communications data is assured by the measures outlined in Annex 2.
The frequency of the transfer
The transfer of Account Data is one off (subject to updating). The transfer of Communications data is ongoing.
Nature of the processing
Collection, storage, retrieval, and delivery.
Purpose(s) of the data transfer and further processing
Collecting, recording, replicating and storing the data for the purposes of:
- Delivery of service;
- Account management;
- Customer support or maintenance;
- Information and database administration (the maintenance of information or databases as a reference tool or general resource);
- Marketing or customer engagement;
- Data analytics, or business intelligence;
- Market research;
- Sale or acquisition of a business;
- Risk management and quality control; and
- Centralisation of data processing activities.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
Account data will be held during the period of service and for six (6) years following the end of the Customer service relationship. Communications Data will be held until deleted by the Customer or as required by law, or no more than twelve (12) months following the end of the Customer service relationship. Exact duration is dependent on the length of the Customer service relationship.
Transfer processor to processor
Categories of data subjects whose personal data is transferred
Account Information associated with data subjects whose accounts are under control of Fastmail. Account information of a Customer, where the Customer is an account administrator for third parties, a corporation or a reseller. Data subjects that communicate using the Service. Data subjects whose personal information is included in communications made using the Service.
Categories of personal data transferred
Data relevant to the customer relationship between Customers and data subjects whose account are managed by Customers including without limitation:
- Full name (first and last name, where applicable);
- Personal contact information (for example, phone number, email address);
- Business contact information (for example, phone number, email address, billing address);
- Technical ID data (such as IP addresses); and
- Financial / billing data (including bank account numbers).
- Usage data
The range of Personal Data that may be contained in communications sent using the platform is unlimited. The range of Sensitive Data that may be included in Communications Data sent using the platform is unlimited. The security of Communications data is assured by the measures out line in Annex 2.
The frequency of the transfer
The transfer of Account Data is one off (subject to updating). The transfer of Communications data is ongoing.
Nature of the processing
Collection, storage, retrieval, and delivery.
Purpose(s) of the data transfer and further processing
Collecting, recording, replicating and storing the data for the purposes of:
- Delivery of service;
- Account management;
- Customer support or maintenance;
- Information and database administration (the maintenance of information or databases as a reference tool or general resource);
- Marketing or customer engagement;
- Data analytics, or business intelligence;
- Market research;
- Sale or acquisition of a business;
- Risk management and quality control; and
- Centralisation of data processing activities.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
Service Account Data will be held during the period of service and for six (6) years following the end of the Customer service relationship. Communications Data will be held until deleted by the Customer or as required by law, or no more than twelve (12) months following the end of the Customer service relationship. (Exact duration is dependent on the length of the Customer service relationship).
For transfers to (sub-)processors, also specify subject matter, nature, duration of processing
Account data will be held during the period of service and for six (6) years following the end of the Customer service relationship. Communications Data will be held until deleted by the Customer or as required by law, or no more than twelve (12) months following the end of the Customer service relationship. Exact duration is dependent on the length of the Customer service relationship.
C. COMPETENT SUPERVISORY AUTHORITY
Transfer Controller to Controller
The Data Protection Commission of the Republic of Ireland