The only change from our previous policy is the addition of our data transparency report.
Fastmail Pty Ltd (“we”, “our” or “us”) based at PO Box 234, Collins Street West, VIC 8007, Australia, ABN 31 142 646 580 is responsible for your personal information (Personal Information) and we take our data protection and privacy responsibilities seriously.
Important information about Fastmail:
Fastmail is an Australian company, Fastmail Pty Ltd (“Fastmail”). We also operate under the brand/marketing names: Pobox (Lifetime Email) https://www.pobox.com, Listbox https://www.listbox.com, and Topicbox https://www.topicbox.com as part of our services portfolio.
Our website has our contact information: https://www.fastmail.com/about/company.html.
You should be aware that your information may be held in databases which can be accessed by other Fastmail companies and their partners or service providers worldwide. We employ people through different Fastmail companies and partners, depending on where they live and those Fastmail companies and partners provide service, at the same level of quality and with the same policies throughout the world. We provide more information on our worldwide service locations and partners in this policy.
You can read about where data is held on our security help page.
- What personal information we collect and when and why we use it.
- How we share personal information within Fastmail and with our service providers, regulators and other third parties
- Explaining more about your Marketing Preferences
- Transferring personal information globally
- How we protect and store personal information
- Your rights available to help manage your privacy
- How you can contact us for more support
- Data transparency report
What personal information we collect, and when and why we use it
In this section you can find out more about:
- the types of personal information we collect;
- when we collect personal information;
- the different kinds of personal information we collect for certain services we offer; and
- how we use personal information
You can use our services in a variety of ways to manage your privacy when you sign up for a Fastmail account, for example if you want to create and manage content like emails and photos, or see more relevant search results. You can adjust your privacy settings to control what we collect and how your information is used.
When we collect information
We collect information about you if you register to use our services, create an account with us, visit our platform or one of our websites, or use one of our services. We also collect information about you where you are an individual representative of one of our business partners or providers with whom we engage in offering and providing our services.
The information we collect, and how that information is used, depends on how you use our services and how you manage your privacy controls in your account.
Personal information we collect and use if you register to use, or use, one of our websites or services (including for trial purposes)
If you register to use, or use, one of our websites or services including Fastmail https://www.fastmail.com, Pobox (Lifetime Email) https://www.pobox.com, Listbox https://www.listbox.com or Topicbox https://www.topicbox.com, personal information that may be collected directly from you includes name, billing address, mobile phone number, organisation name, your own domain name, IP address, browser user-agent and billing details (credit card, or PayPal account). We also collect some of this information if you are using our services on a trial basis. Our help page on each service explains how your information is deleted if you decide not to proceed.
We process mail sent and received from your account to block spam and fraud. We receive information from third party services to assist us in identifying spam. If you report a message to us, either through the service or via customer support, as spam or not spam, we may share that message with the third party service that flagged it to improve the accuracy of future filtering. See further below on your rights when we disclose your information to our third party service providers.
We also store information from your address book, calendar, notes and files on our servers until you delete them (for more information on data retention see our security help page). We will also share this information with your devices and external accounts where you have authorised us to do so.
We also collect the email content you create, upload, or receive from others when using our services. We use this information to deliver our services, like processing the terms you search for in order to return results or helping you add addresses to messages by suggesting recipients from your contacts.
Each time you connect to our service, we log your IP address, your client identifier (browser or mail client information) and your username. If you send mail, we also log the email address you’re using to send mail and the email address you’re sending to. If you take action on mail in your mailbox, we also log the activities taken. This is necessary for providing proof of delivery and fraud analysis. For example, we need this information for detecting deliverability issues if there are failures sending email that we either detect through monitoring or when you ask if email you are sending/receiving is working properly. We also need your IP address and username to help you validate if someone else has gained access to your account to send spam or for other fraudulent purposes.
Information we collect if a registered user allows you to access their account
In a multi-user account, if you are permitted to access and use a user account on any of our services by the registered user directly, we may collect the following information about you: IP address and name.
The registered account holder is responsible for your access and use if they provide you with access to and use of an account and the Personal Information residing in that account.
Information we collect if you are an employee or a contact at our business partner or sign up to our newsletters
We collect this information regardless of whether you use the Fastmail, Topicbox, Listbox or Pobox services that we provide.
If you are an individual user who is assigned an account on our website/platform by your company, your account is likely to be managed by an administrator. Alternative and/or additional terms may apply as determined by your company’s privacy and other related policies, and your administrator may be able to access or disable your account.
How do we use the personal information we collect from you?
We use this information to:
- provide you with our services and to maintain, manage and improve our services;
- help our services deliver more useful, customised content such as more accurate search results;
- send you notifications when you receive new mail or events; we may also send you a notification if we detect suspicious activity, like an attempt to sign in to your account from an unusual location;
- at your option, contact you to let you know about updates to our services or information we feel may be of interest to you (see more information at Direct Marketing);
- provide you with customer support including technical support and troubleshooting (for example, to reset your password);
- protect you and conduct security investigations and fraud and abuse analysis (including to help us flag spam mail);
- conduct analytics and measurement to understand how our services are used;
- comply with our legal obligations, for example when assisting governments and law enforcement agencies or regulators (as may be required by law);
- improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm Fastmail, you, our users, or the general public.
We routinely analyse information to help improve the way we run our business, to provide a better service and to enhance the accuracy of our products and services. We use usage information for data analytics, particularly to understand how our services are used, but this information is not personal information as it is. We anonymise data fields before allowing information to be available for analysis.
Your privacy controls
You have choices regarding the information we collect and how it’s used, and you can manage them. You have an opportunity to review and adjust privacy settings in your account. Some of our products offer specific privacy settings. For example, you can manage your contact information, such as your name, email address, and phone number. You can also delete certain information, or your entire Fastmail account should you wish to do so. You can download and export a copy of all of your data and content in your Fastmail account if you want to back it up or use it with a service outside of Fastmail.
Sharing personal information with others
In this section you can find out more about how we share personal information:
- within Fastmail;
- with third parties that help us provide our products and services; and
- with government organisations and agencies, law enforcement and regulators.
We may share your personal information in the manner and for the purposes described below:
- with third parties who help manage our business and deliver services. These include service providers who help manage our systems. Some of these providers use “cloud based” IT applications or systems, which means that your Personal Information will be hosted on their servers, but under our control and direction. We require all our service providers and third parties to respect the confidentiality and security of Personal Information and our contracts with them generally include obligations for them to comply with applicable privacy laws and to use any personal information we share with them solely for the purpose of providing services to us.
- with account administrators — if you work for or are part of an organisation that uses Fastmail services, your account administrators and/or resellers who manage your account will have access to your Fastmail account. They may be able to:
  - access and retain information and your email stored in your account;
  - view statistics regarding your account;
  - change your account password;
  - suspend or terminate your account access;
  - receive your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request; and
  - restrict your ability to delete or edit your information or your privacy settings.
Your use of Fastmail products and services is subject to your organisation’s policies, if any. You should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organisation’s account administrator.
- with government organisations and agencies, law enforcement and regulators, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
- with banks and payment providers to authorise and complete payments, though we only maintain a record of your email address (for PayPal), or the last four digits of your credit card and expiry date (for credit card);
- if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or assets; and
- we may share in aggregate, statistical form, nonpersonal information regarding the visitors to our website, traffic patterns, and website usage with our partners and affiliates.
Explaining more about your marketing preferences
In this section you can find out more about:
- how we use personal information to keep you up to date with our products and services;
- how you can manage your marketing preferences; and
- when and how we undertake profiling and analytics
How we use personal information to keep you up to date with our products and services
We may use your name and email address to send direct marketing communications to you and let you know more about our services or related services that we believe will be of interest to you. We may contact you by email, or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.
How you can manage your marketing preferences
To protect your privacy rights and to ensure you have control over how we manage marketing with you:
- users of the Fastmail, Listbox and Pobox services can opt out of any non-essential communication by de-selecting the relevant checkbox in the settings page in the web interface;
- even after opting in, you can ask us to stop sending email marketing by following the “unsubscribe” or opt-out links in electronic communications. Alternatively you can contact us; and
- we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you
When and how we undertake data analytics and profiling
We may use profiling or other forms of automated processing to assess if your account may be fraudulent, a spam account or suspect in any way. We may also use profiling to lock fraudulent or suspect accounts, including any “stolen accounts”. Our monitoring systems detect high levels of outgoing spam, or unusual login patterns which a staff member then reviews to determine appropriate action.
We do not profile you to customise services for you, provide personalised content or show you personalised advertisements based on your individual interests, preferences, or related activities.
Transferring personal information globally
In this section you can find out more about:
- how we operate as a global business and transfer data internationally; and
- the arrangements we have in place to protect your personal information if we transfer it overseas.
Your personal information may be disclosed, transferred to or processed outside of your country of residence. This includes to Australia, the United States of America, India, and the Netherlands, where it will be subject to the laws of the country to which it is transferred. These jurisdictions may not have an equivalent level of data protection laws as those in your country.
For EU/UK individuals — if you are an individual based in or a resident of the European Union or the United Kingdom, your personal information may be processed outside of the European Union, in countries such as the United States of America, Australia and India, that are subject to different standards of data protection.
We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests, and that transfers are limited to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
- where we transfer your personal information outside of Fastmail or to third parties who help provide our services, we obtain contractual commitments from those third parties to protect your personal information. Some of these assurances are well-recognised certification schemes like the EU-US Privacy Shield for the protection of personal information transferred from within the EU to the United States and/or the use of EU approved Standard Contractual Clauses (“EU Model Clauses”) for controller to controller and/or controller to processor transfers from the EU/UK to jurisdictions, such as Australia, that do not have an adequacy finding from the EU Commission; or
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information is disclosed.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
How we protect and store your information
We store most of your personal information electronically. We implement and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, misuse or interference or the unauthorised disclosure, access or modification to such information appropriate to the nature of the information concerned.
The security of your information is paramount and a critical consideration for Fastmail in the provision of its services to you. Please see further information on the security measures we engage on our websites and platform and when you use any of our services.
We work hard to protect you and Fastmail from unauthorised access, alteration, disclosure, or destruction of information we hold. Measures we take include:
- placing confidentiality requirements and restricted access protocols on our staff members and service providers who need access to your information in order to process it to provide our services to you;
- destroying your personal information if it is no longer needed to provide you with our service;
- destroying logging or other transactional information that may incidentally contain personal information in accordance with our schedules to clear such information;
- following strict security procedures in the access, storage and disclosure of your personal information to prevent unauthorised access to it; and
- using secure communication transmission software (known as “secure sockets layer” or “SSL”) that encrypts all information you input on our website before it is sent to us. SSL is an industry standard encryption protocol and this ensures that the information is reasonably protected against unauthorised interception.
As the security of information depends in part on the security of the computer and/or device you use to communicate with us and the security you use to protect your user IDs and passwords, please take appropriate measures to protect this information.
How long do we store/retain your personal information
In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements. Where we log information related to your IP address, we retain this information for approximately 90 days. This is for the purposes of fraud watch, as often users don’t check in with us in a timely fashion over whether their account is compromised. Being able to look at some amount of recent history and know what activity was taken by a legitimate user vs a malicious one is useful.
We proscribe your primary email address, if it’s at one of our domains, for up to six months after your account is closed, to reduce the risk of impersonation, should someone try to use the same email address as you in order to impersonate you.
Where you request that we delete your account from our system, we will immediately lock the account and archive the information, then delete it from our servers within approximately 7 days from the date of your request. This archive window allows you to recover your information in the event of an accident or malicious deletion request.
However, in specific limited circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
When a Fastmail product collects age, and there is an age in your jurisdiction under which parental consent or authorisation is required to use the product, the product will either block users under that age or will ask them to provide consent or authorisation from a parent or guardian before they can use it. We will not knowingly ask children under that age to provide more data than is necessary to provide the product.
A cookie is a text file containing small amounts of information which is downloaded to/stored on your computer (or other internet enabled devices, such as a smartphone or tablet) when you visit a website.
Cookies may collect personal information about you. Cookies help us remember information about your visit to our website, like your username, country, language and other settings. Cookies allow us to understand who has seen which webpages, to determine how frequently particular pages are visited and to determine the most popular areas of our website. They can also help us to operate our website more efficiently and make your next visit easier. Cookies can allow us to do various other things, as explained further in our Cookies Policy.
For more information about how our cookies work and information about how to manage your cookie settings, please visit our Cookies Policy.
Your rights available to help manage your privacy
You have a number of rights in relation to your personal information.
You may access or request correction of the personal information that we hold about you by contacting us. There are some circumstances in which we are not required to give you access to your personal information.
There is no charge for requesting access to your personal information but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up-to-date and complete.
You can access and control your Personal Information that Fastmail has obtained with tools Fastmail provides to you, described below, or by contacting Fastmail.
- if Fastmail obtained your consent to use your personal information, you can withdraw that consent at any time;
- you can request access to, erasure of and updates to your personal information; and
- if you’d like to port your data elsewhere you can use tools Fastmail provides to do so, or if none are available you can contact Fastmail for assistance.
You can also object to or restrict Fastmail’s use of your personal information. For example, you can object at any time to our use of your personal information:
- for direct marketing purposes; or
- where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party.
You may have these rights under applicable laws, including the EU General Data Protection Regulation (GDPR), but we offer them regardless of your location.
If your organisation, such as your employer or service provider, provides you access to and is administering your use of Fastmail products, contact your organisation to learn more about how to access and control your Personal Information.
You can access and control your Personal Information that Fastmail has obtained, and exercise your data protection rights, using various tools we provide. The tools most useful to you will depend on our interactions with you and your use of our products. Please use our help pages first to learn about the tools available to you, but you are able to contact us to exercise your rights.
We may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Google API usage
We provide a way for users to migrate their data from Google onto Fastmail. When a user voluntarily connects their Google account, we comply with the Google API Services User Data Policy. Fastmail’s use and transfer to any other app of information received from Google Accounts will adhere to Google API Services User Data Policy, including the Limited Use requirements.
The primary point of contact for all issues arising from this Policy is our Data Protection Officer. They can be contacted in the following ways:
Fastmail Pty Ltd
PO Box 234
Collins St West
If you have any questions, concerns or complaints regarding our compliance with this privacy notice, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact our Data Protection Officer. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by applicable data protection laws.
To contact your data protection supervisory authority
You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place of work or place of alleged infringement).
If you are located in Australia, you can contact the Office of the Australian Information Commissioner at https://www.oaic.gov.au/.
We would however ask that you please attempt to resolve any issues with us before raising with your local supervisory authority.
Data transparency report
Every year we publish a data transparency report.
|Personal Information|Any information capable of identifying a natural person, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity. Information is considered personal when it enables anyone to link information to a specific person, even if the person or entity holding that data cannot make that link.|
|Processing and “process”|Any operation or set of operations that is performed upon Personal Data, whether or not by automatic means, including, but not limited to collection, recording, organisation, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deleting, erasure, or destruction.|