Last Updated: July 08th 2019.
Click on one of the links below to obtain more information in the listed section:
2. Personal Information we may collect
2a. Personal Information provided by you
2b. Information we automatically collect from your use of the Services
2c. Personal Information collected from connected social media accounts
3. How we may use your Personal Information
4. How we process your Personal Information
5. How we share your Personal Information
6. How we ensure data confidentiality and security and how long we store data
7. Do we transfer Personal Information across the border
8. Your rights and choices
11. Contact us
16192 Coastal Highway
Lewes, DE 19958
United States of America
(hereinafter “PublBox”, “we”, “our”, “us” and other forms of the word) collects, uses, processes and deals with data provided by users (individual - “user”).
PublBox agrees and undertakes to protect the privacy of Personal Information of users who:
- visit any website offered by PublBox, including but not limited to www.publbox.com, all subdomains, current and future (“Website”);
- use mobile applications offered by PublBox (“Mobile Apps”);
- use services provided by PublBox in connection with our user, vendor, and partner relationships (“Service”).
Your privacy is our concern, and we are serious about it. We do not sell your Personal Information and use it strictly to provide you with Services and improve them. In this way, we act as a data controller, and for data processing, we act as data processor.
Take note that when you use our Services, you allow us to transfer your data across the border to other countries where PublBox and its partners are engaged in business, including but not limited to the United States of America. Privacy protection and government rights to access your data in these countries may differ to those existing in your country. We will take all the possible measures to ensure that your Personal information would remain protected in the future. For further details, please see the section “DO WE TRANSFER PERSONAL INFORMATION ACROSS THE BORDER”.
Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide Personal Information when requested, you may not be able to benefit from our Services if that information is necessary to provide you with the service or if we are legally required to collect it.
We may collect information through your communications with our customer support team or other communications that you may send us and their contents.
Making a purchase
When you make payments through the Services, you will need to provide Personal Information such as your credit card number and billing address.
You may otherwise choose to provide us with information when you fill in a form, respond to surveys or use other features of our Services. You may also provide us with other optional information as part of your account profile, including your usernames, avatars and links to the social media profiles you authenticate with your PublBox profile. We may also collect your contact details when you provide them in the context of our customer, vendor, and partner relationships.
Log data and usage information. Location data
When you use our Services, our servers automatically record information, including information that your browser sends whenever you visit a Website or Mobile Apps (“Log Data’). This Log Data is collected solely for purposes of analysis and improvement of our Services. This Log Data may include information such as your IP address, the address of the web page you visited before using the Services, your browser type and settings, your device information, the date and time of your use of the Services, information about your browser configuration and plug-ins, language preferences, unique identifiers, cookie data and any advertisements on which you click. Also when you use our Services, we may collect information about your geographic location.
This type of data may enable us to figure out how often users use parts of the Services, help us determine customer service and Website needs, and do internal research on our users' demographics, interests, and behavior to better understand, protect and serve you. PublBox may use this data in aggregate form, that is, as a statistical measure. As part of this use of information, we may provide aggregate information, not information about you personally, to our partners about how our users, collectively, use our Services.
Cookies and similar technologies
Being a registered user of the Service, we process information about you contained in or obtained from some cookies in our legitimate interests and for some cookies – on the basis of your consent. You may change your consent to the use of not essential (advertisement) cookies at your account settings. Please be aware that functional, performance cookies and analytics technologies are essential for the use of PublBox Services. They will enhance your user experience as well as will allow us to learn about how you use PublBox Website and/or Mobile Apps in order to improve the quality of our Website and/or Mobile Apps.
You can also control and/or delete cookies as you wish with the help of Internet browsers. All recent versions of popular browsers give you a level of control over cookies. The majority of Internet browsers are already set up to accept cookies automatically. If you do not wish us to use these files, you should set your browser up respectively to prevent them from being placed or not use PublBox Services.
If you switch off the use of data such as cookie files, you will still be able to use our Services, however, this will limit your access to a lot of features or their components which are essential to Service functionality. Therefore, we highly recommend you not to switch off the use of data such as cookie files.
Third Party Services
Also our Website may contain links to other websites. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit Personal Information from you. We are not responsible for the content, privacy and security practices, and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to read the privacy policies or statements of the other websites you visit.
PublBox also may integrate with third parties to provide Services to you. Since the list of such Third Parties is time-dependent, geography-dependent and Service-dependent, it is impossible to provide comprehensive list of Third Party Services herein. Such service providers may be generally classified as:
i. Infrastructure and data storage subprocessors. These organizations are utilized store/host/process information and infrastructure (which may include Personal Data) that helps with delivery of the Publbox Services. These include, but not limited to: Amazon Web Services, Inc. and JSC “Perviy” (applicable to citizens of Russian Federation).
ii. Social platforms and publication hosting providers. Integration to social networks and publication hosting providers are done by respective owners of such platforms, including but not limited to Facebook, Instagram, Linkedin, Youtube, Twitter, VK, Odnoklassniki, Telegram etc.
iii. Marketing service providers. Marketing and advertisement are carried out by professional third parties, which include but not limited to City Ads, Admitad, Mobityze etc.
iv. Monitoring, analytics and statistics providers. These parties offer us assistance with improving our website and client satisfaction. PublBox includes but not is not limited to utilizing the following: Mixpanel, Hotjar, FirstPromoter, CrazyEgg, Yandex Metrika, Global Site Tag, Google Conversion Linker etc.
v. Service specific subprocessors. Some service providers cannot be classified due specialization of their services these include payment service providers (Stripe), client support tools (Intercom), Affiliation management (FirstPromoter) etc.
A comprehensive list of Third Party Services is dynamic and may be provided by PublBox upon request. For more information on what type of information such providers collect, please visit their terms and policies.
In order to allow you to post to your social media accounts, we may ask you to provide your username, account ids, social handle and email address. If you connect your third-party social media account to your PublBox account, we may collect certain information stored in your social media account such as: profile image, display name, username / profile ID, access tokens, and sent posts. This includes the content of your post and engagement data (such as click rates, likes, re-shares, impressions, as well as general engagement counts), to the extent permitted by applicable law. This data will only be used by PublBox to provide you with the Services you expect.
Additionally, if you connect Twitter, Facebook, or Instagram when utilizing PublBox Results Analyzer we may collect: profile image, display name, username / handle, access tokens, social accounts insights data and social accounts demographic data, posted publications and tweets, social account’s followers count, social account’s insights data and social account’s audience data.
We use, store, and process Personal Information as a data controller to provide, understand, improve and develop our Services, keep our Services safe and to comply with our legal obligations.
More particularly, we use it for the following reasons:
- To operate Websites / Mobile Apps and provide Services to you, including to:
- create and manage your account;
- identify you when you login to your account and enable your access to our Services;
- verify your transactions, for purchase confirmation, billing, security, and authentication;
- publish your content, comments or messages on social media platforms;
- To allow you to communicate with us and with other users, for example, in order we could assist you with setting up or administering your account, to provide customer care and support, send technical notices, updates of upcoming changes or improvements to the Services, reminders, security alerts and other support and administrative messages;
- To manage our business needs, such as monitoring, analyzing, and improving the Services and the Websites / Mobile Apps performance and functionality. For example, we analyze user behavior and perform research about the way you use our Services;
- To protect and ensure the security of our Services;
- To manage our customer, service provider and partner relationships;
- To enforce our agreements related to our Services and our other legal rights;
- To comply with applicable legal requirements, industry standards and our policies;
- To keep you informed about the Services, features, surveys, newsletters, offers, contests and events we think you may find useful or which you have requested from us as well as affiliated companies. Out of respect for your right to personal privacy, if, at any time, you decide that you do not wish to receive such information or messages from us, please, follow our guidelines to cancel your subscription in relevant emails. You may also refuse to receive marketing offers from us by sending us a request via email to: firstname.lastname@example.org. Please note, that even if you unsubscribe from our marketing emails, we may still continue to send you periodical emails notifying you about our technical problems, services or security related to your requested product or service as well as other administrative messages with respect to the Services.
If you are located in the European Economic Area (EEA) or otherwise subject to the General Data Protection Regulation (GDPR), we may process your Personal Information on the basis of:
- for the purposes specified in Sections 3.1 and 3.2, we process your Personal Information based on our contract with you (if you are our direct customer and a natural person) or based on our legitimate interest to provide our Services to our customers (where our customer is your company or organization and you are an authorized user designated by your company or organization);
- for the purposes specified in Sections 3.3 – 3.7, we process your Personal Information based on our legitimate interest;
- for the purpose specified in Section 3.8, we process your Personal Information based on your voluntary consent where you have given us such consent. Where we rely on your consent to process Personal Information, you have the right to withdraw or decline your consent at any time. The withdrawal of your consent will not affect the legitimacy of any processing that we have done up to the moment of your withdrawal. It will not affect the processing of your data performed in accordance to the legal conditions of the processing, other than the consent.
The content which you upload, download, or view on our Services may, but does not necessarily, contain Personal Information. When we refer to “Content” in this notice, we mean the Personal Information in Content that we process. We only process Content at your direction and act as data processors for the Personal Information included in the Content.
When you use our Services, you may view, create, and analyze Content which will ultimately be published on the various social media platforms and therefore you allow those them to access and process Content. You, as a PublBox user, control how Content is generated, requested, submitted or published and processed on our Services. As the user, you are the data controller of your Content and we are the data processor for such Content.
PublBox acts as a conduit between you and the various social media platforms and third-party apps.
Be aware that any Content that has been shared by you through any social media platforms or third-party apps via the Services may continue to be available to third parties and the public at large, as this Content is now under the control of the operators of the social media platforms and/or the third-party apps.
For our users with a principal location in the EEA or otherwise subject to the General Data Protection Regulation (GDPR)
Under EU law, PublBox is a data processor of Content generated, requested or published via social media platforms. We process this Content in accordance with the instructions of our users. Because our users control how their Content is collected and used by them, our users are, in legal terms, the controllers of the Content that they process through our Services and are responsible for complying with applicable data protection laws, including the GDPR. If you would like to sign Data Processing Agreement or have any questions, please feel free to contact us at email@example.com.
The processing of your Personal Information is performed in compliance with the following principles and conditions:
- the processing is performed on a legal and fair basis;
- we take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of Personal Information;
- Personal Information will be deleted or depersonalized after the processing goals have been reached or if there is no more need to reach such goals;
- collection, processing, transfer and storage of Personal Information is performed in accordance with personal data legislation, including but not limited to the General Data Protection Regulation (GDPR) (EU) 2016/679 of the European Parliament and of the Council.
In our business, we proceed with the assumption that the owner of the Personal Information provides accurate and reliable information and, while using our Services, notifies us in due time of any changes to Personal Information.
The Privacy Shield Framework (Safe Harbor agreement, until 2015) is an adequacy decision by the European Commission and the US Federal Government. It regulates the protection of personal data transferred from a member state of the European Union to the United States. American companies voluntarily process data collected in the European Union according to European data protection standards.
We assume that all data processors comply with this voluntary commitment. If the facts contradict the stipulations made here, the respective processor (e.g. Google, Facebook, etc.) is to be held liable, as we, in good faith, assumed that the controller or processor hold up his contract.
A complete list and search function of all participating European and US companies is available on the Privacy Shield Framework website: https://www.privacyshield.gov/participant_search
Record of Processing Activities
Pursuant to Article 30 of the EU GDPR we maintain a record of processing activities. That record contains all of the following information: (a) the name and contact details of the controller and, where applicable, the joint controller, the controller's representative and the data protection officer; (b) the purposes of the processing; (c) a description of the categories of data subjects and of the categories of personal data; (d) the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organizations; (e) where applicable, transfers of personal data to a third country or an international organization, including the identification of that third country or international organization and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of suitable safeguards; (f) where possible, the envisaged time limits for erasure of the different categories of data; (g) where possible, a general description of the technical and organizational security measures.
We do not trade, sell or lease Personal Information of our users to third parties. We may however share Personal Information under the following circumstances:
- with our service providers (including but not limited to payment processors, including Stripe, hosting and maintenance providers, including Amazon, analytics providers such as Google Analytics, Mixpanel, Intercom, Crazy Egg, Yandex Metrica etc., onboarding services, including Inline Manual etc.) we engage to perform functions or provide services to us. We may share your Personal Information with these third parties, but only to the extent necessary to perform these functions and provide such services. We also require these third parties to maintain the privacy and security of Personal Information they process on our behalf;
- with PublBox authorized resellers/agents if you purchase the Services from an authorized PublBox reseller/agent who you authorize to access and process your Personal Information in order to support your use of the Services;
- where we believe that it is reasonably necessary to comply with a law, regulation or if we are otherwise legally required to do so, such as in response to court orders or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands;
- if we believe it is necessary in order to investigate, prevent, or take action against illegal activities, fraud, situations involving potential threats to our rights or property (or to the rights or property of those who use our Services), or to protect the personal safety of any person or if we believe it is necessary to investigate, prevent, or take action regarding situations that involve the security of our Services, abuse of the Services infrastructure, or the Internet in general;
- to a parent company, subsidiaries, joint venture, affiliates or other companies under control with PublBox;
We may also make certain non-Personal Information available to third parties for various purposes, including for business or marketing purposes or to assist third parties in understanding our users’ interest, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and functionality available through the Service.
We are highly concerned with the security of your data privacy. We take various appropriate technical, administrative and processing security measures to ensure the protection of your Personal Information, prevent from data misuse and leaks, such as:
- encryption to ensure confidentiality during data transfer;
- special account security measures;
- personnel training;
- restrictions on storing, printing and disposal of Personal Information;
- software protection of devices on which Personal Information is stored;
- our servers are protected by a) firewalls establishing a barrier between our trusted, secure internal network and the Internet and b) IP restrictions, limiting access to whitelisted IPs;
- when payments are processed via credit card, PublBox uses third party vendors that are PCI_DSS compliant;
- we limit access of our employees, contractors and agents to Personal Information. In addition, we impose strict contractual obligations upon them, for the violation of which they will be subject to sanctions, and so on.
We are always improving our methods of data collection, storage and processing, including physical security measures to prevent from an unauthorized access to our systems.
Moreover, we use third-party providers and partners for hosting, such as Amazon, for example, for the provision of essential equipment, software, networks, storage and related technologies that are required for our Services’ functioning. These suppliers have been selected due to their high standards of physical and technological safety.
We take reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction. At the same time, keep in mind that no security measures are absolutely perfect and impenetrable. We put reasonable efforts into ensuring the security of our systems; but we cannot and we do not guarantee that your Personal Information will not be accessed, viewed, revealed, altered or destroyed through violations of our administrative, physical and electronic warranties. In the case of a leak, we will notify you via email or by placing a special notice on our Services in the shortest possible time stipulated for by the legislation. If you know of any vulnerability in the security system or of potential data violation, please contact us immediately at firstname.lastname@example.org, and we will take relevant steps to eliminate this incident, once it is required.
You must also understand that transfer of information via the Internet cannot be completely secure. We cannot guarantee the safety of data you send via our Services while it is being transferred via the Internet. Any such provision of Personal Information occurs at your own risk.
If you are a registered user, we recommend you to log out of your account at the end of every session and not leave your registered account unattended for any period of time, especially if you are using a public computer or device. In addition, we recommend you to use two-factor authorization, if applicable. If you have encountered any problems with accessing your account, please contact us at email@example.com.
If you publish comments or content on our Services, any data that can identify you, may be read, collected or used by others users of our Services, as well as other parties. PublBox is not liable for the information you choose to display on such platforms, and we cannot guarantee that other users will not copy and/or use your information outside the Services.
PublBox Inc., the company that provides Services, is US company registered in the State of Delaware. Service hosting is based in the United States of America and/or other countries, so user’s Personal Information may be processed in a country that is different to the user’s country of residence. If you use the Services from the EU/EEA or other regions of the world, where the legislation regulating the collection and storage of data may differ from the legislation of the United States of America, please note, that your Personal Information may be transferred to the United States of America and/or other countries and processed in accordance with the legislation of that country. In addition, we use third-party providers for services for the provision of equipment required, such as software, networks, storage and other services, which we use for the functioning of our Services. These third-party providers may process or store information on their servers outside the EU/EEA or your country of residence.
By using our Services or providing information through our Services, you allow us and our authorized service partners to use and process the provided information (including Personal Information) in the corresponding countries. Keep in mind that privacy protection and the rights of government authorities and institutions for access to such information may be different in some of these countries from your country of residence.
Personal Information of the citizens of the Russian Federation is stored on the servers of JSC “Perviy” (OGRN 1083812006101, INN 3812107585, KPP 381201001), https://firstvds.ru/ in accordance with the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ. Thus, the record, systematization, accumulation, storage, and extraction of Personal Information of citizens of the Russian Federation is made using the mentioned database.
In accordance with applicable laws and as further described below, you have the right to request access to, rectification, erasure or portability (e.g. transfer of your Personal Information to another service provider) of your Personal Information we process, as well as to object to the processing of your Personal Information and/or request restriction of such processing. Those rights may be limited in some circumstances by local law requirements. Please note that your objection to processing could mean that we are unable to provide you with our Services.
If you wish to exercise these rights and/or obtain all relevant information, please contact us at firstname.lastname@example.org. You will be asked to identify yourself; this is necessary to verify that the request has been sent by you. We will consider your request in accordance with applicable laws.
8.1.1. Rectification of your Personal Information
According to applicable laws, you may have the right to rectify your Personal Information you have shared with us. Through your settings of the Services, you can update your account information, change your profile settings. If you wish to limit or change access to or the sharing of your Personal Information with a social network, please do this via your account settings on that social network.
8.1.2. Accuracy of your Personal Information
8.1.3. Erasure of your Personal Information
You can ask us to erase your Personal Information at any time. If you approach us with such a request, we will delete all your Personal Information we have without undue delay, provided that your Personal Information is no longer necessary for the provision of the Services or other permitted purposes, in particular in connection with exercising and defending our legal rights, or meeting our legal obligations. We will also delete (and ensure deletion by the processors that we engage) all your Personal Information in case you withdraw your consent or in the circumstances that the law requires us to do so.
8.1.4. Restriction of processing
If you request us to restrict the processing of your Personal Information, e.g. in circumstances when you contest the accuracy, lawfulness or our need to process your Personal Information, we will limit processing of your Personal Information to the necessary minimum (storage) and, if applicable, will process them only for the establishment, exercise or defense of legal claims or, where necessary, for protection of rights of another natural or legal person, or other limited reasons dictated by the applicable law. In case the restriction is lifted and we continue processing your Personal Information, you will be informed accordingly.
8.1.5. Portability of your Personal Information
You have the right to receive Personal Information relating to you and which you have provided to us. If you approach us with such request, we will provide your Personal Information in commonly used and machine-readable format to you. If you request so, we will send your Personal Information to a third party (another data controller) which you will identify in your request, unless such request would adversely affect rights or freedoms of others and where technically feasible.
8.1.6. Objection to processing
You have the right to object to our using your Personal Information on the basis of our legitimate interests and there is something about your particular situation which makes you want to object to processing on this ground. In such case, we will no longer process your Personal Information unless we demonstrate compelling legitimate grounds for their further processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of our legal claims. If you object to processing of your data for direct marketing purposes, we will cease to process your data for these purposes.
8.1.7. Withdraw your consent
If you have provided us any consent with the processing of Personal Information, for example for marketing communication, you can withdraw your given consent at any time without stating any reason. We will block your Personal Information for any further processing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing based on consent before its withdrawal.
8.1.8. Request to our EU Representative or Data Protection OfficerIf you are a resident of EEA you also have the right to send request to our EU representative or Data Protection Officer. In any case, we suggest contacting our main office at email@example.com firstly.
Representative within the European Union
Pursuant to Article 27 of the EU GDPR controllers / processors must - when they are not established within the European Union - designate a representative in the European Union.
We hereby inform details of our representative:
Thoralf S. Thorson
If you believe that you have been injured in the processing of your Personal Information by PublBox, you may also contact the Data Protection Officer of PublBox who is appointed in accordance with Article 37 of the EU GDPR:
GDPR Data Protection Officer
Christian Allner, B.A. M.A.
06110 Halle (Saale)
Mobile: +49 (0) 174 402 78 15
If you are unsatisfied with the response or are sure that we are collecting and processing your Personal Information in violation of the law, you can file a complaint to the relevant data protection authority. For further details, please refer to your local data protection authority.
We respond to all requests of individuals who wish to exercise their data protection rights in compliance with applicable data protection laws.
8.2.1. Marketing Communications
We may contact you about our news, events, Services and their features or special offers that we believe may interest you, provided that we have the requisite permission to do so, either on the basis of your consent (where we have requested it and you have provided it to us), or our legitimate interests to provide you with marketing communications where we may lawfully do so, within the limits provided by law. For these purposes, we may share your contact details with our vendors or business partners who provide the relevant services or functions on our behalf, including event organization, marketing, distribution of surveys customer service, or public relations. These third-party vendors have access to and may collect information only as needed to perform their functions on our behalf and are not permitted to share or use the information for any other purpose. If you decide at any time that you no longer wish to receive marketing communications from us, please follow the unsubscribe instructions provided in any of the communications. You may also opt out from receiving marketing email from us by sending your request to us by email at firstname.lastname@example.org. Please be aware that, even after you opt out from receiving marketing messages from us, you will continue to receive administrative messages from us regarding the Services.
If you are a citizen of the European Union or an associated region, we offer you opt-out possibilities according to the Privacy and Electronic Communications Directive 2002/58/EC. Although we design our Services privacy-friendly you can always use external services, for example provided by the European Interactive Digital Advertising Alliance (EDAA) to circumvent targeted advertising or other forms of tracking. This applies to you if you are a citizen of one of these countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Iceland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey, United Kingdom.
You are able to withdraw your consent immediately by opting out from the services of third-party processors. We recommend to opt-out from the services of NAI (Network Advertising Initiative), DAA (Digital Advertising Alliance), and EDAA (European Interactive Digital Advertising Alliance) via their interfaces:
You may also opt out from us by sending your request to us by email at email@example.com. Please be aware that, even after you opt out from certain Services, you can receive administrative messages from us depending on the subject.
We will not knowingly collect Personal Information of children under the age of 18. Any individual providing us with Personal Information through our Website and using our Services must confirm that he is aged 18 and above. If we discover that the user is under the age of 18, we will delete the data from our servers. We reserve the right to request age confirmation at any stage in order to confirm that children do not use the Services.
You can also contact us at the following address:
16192 Coastal Highway
Lewes, DE 19958
United States of America