Privacy Policy

This Privacy Policy describes how we collect, use, share, sell, or otherwise disclose the information we collect about you, and applies to our collection via our website properties (including http://www.gratefulmail.org) (our “Sites”) and/or when you use or otherwise engage with our products and services (our “Services”), including Services that allow advertisers to more effectively target ads to end-users. We are (together “Active Mail” “we,” “us,” or “our”).

This Privacy Policy does not cover the privacy practices of third parties that we do not own or control.

Your Personal Information (defined below) may be processed and stored in other countries (including the United States) where laws regarding processing of Personal Information may be less stringent than the laws in your country. Your Personal Information will not, however, be used or disclosed for purposes for which you have not given consent or that are not permitted under applicable law. In jurisdictions where implied consent is allowed, you consent to the terms of this Privacy Policy by using our Services and/or Sites.

It is important to note that we may provide third party content or links to third-party websites or applications, or include features that allow you to connect your account with third parties, such as financial institutions or social media platforms like Facebook.

Anytime you leave our Sites or interact with third-party features or websites, you should also read the applicable third party’s privacy policies and terms of service to make sure you understand how they might collect and share information about you (approaches and philosophies can be different).

Before submitting information to or through our Sites or Services, please review this Privacy Policy carefully. (If you have not done so already, please also review our Terms and Conditions.)

When you use, access or interact with us, our Sites, or engage our Services, you are agreeing to the terms of this Privacy Policy and our Terms and Conditions and consent to how we collect, share, process, and otherwise use information about you as described in this Privacy Policy and our Terms and Conditions, as the two form a binding and enforceable agreement between you and us.

By using our Sites and/or purchasing Services from us, you agree to be bound by this Privacy Policy and our Terms and Conditions.

Information We Collect About You

As you use the Sites and/or our Services, certain information may be passively collected and stored on our or our service providers’ server logs about how you interact with the Sites and/or our Services, including your Internet protocol address, unique personal identifier (advertising or device ID), online identifier/browser fingerprint, domain name, browser type, mobile services provider, MAC address, type of device, operating system, applications installed on the device, web pages viewed, access date and time, and referring website address and website address of the web page you visit after you leave the Website and/or Services (“Usage Information”).

We or our service providers may also place small data files on your computer or other device. These data files may be cookies, pixel tags, Flash Cookies, Silverlight Cookies, or other local storage provided by your browser or associated applications (“Cookies”). Some information collected may be Personal Information. We may use Cookies and navigational data like Uniform Resource Locators (“URL”) to gather information regarding the date and time of your visit and the information for which you searched and viewed. In order to use the Sites and/or our Services, your web browser must accept Cookies. Cookies may be used by partners, advertisers, and ad servers to promote our products and/or services.

We use these technologies to:

  • Recognize you as a customer;
  • Customize our content and advertising;
  • Measure promotional effectiveness;
  • Help ensure that your account security is not compromised;
  • Mitigate risk and prevent fraud;
  • To promote trust and safety across our Sites;
  • To make our Services and solutions more useful to you;
  • To tailor the experience with us and our Sites; and
  • To ensure our Services meet your special interests and needs.

We also engage in remarketing using third-party remarketing sites to market our Sites across the Internet. When a user visits our Sites, a cookie is placed on the user’s computer. Users with this cookie may be targeted across advertising networks to receive relevant advertisements. You may opt out of this, but opting out does not cover the privacy practices of any advertisers or ad servers. In addition, if you choose to disable Cookies, some aspects of the Sites and/or the Service may not work properly, and you may not be able to receive the Services, in full or in part.

An “Internet protocol address” or “IP Address” is a number that is automatically assigned to your computer when you use the Internet. In some cases your IP Address stays the same from browser session to browser session; but if you use a consumer internet access provider, your IP Address probably varies from session to session. We, or our service providers, may track your IP Address when you access the Sites or our Services to assist with ad targeting.

To help advertisers provide ads that are relevant to your interests, we automatically collect information about your browsers and devices when you (or others using your browsers or devices) access or use websites or mobile applications that incorporate our Services. We may use various technologies to collect this information, including cookies, pixel tags, web beacons, server logs, browser fingerprinting, HTML5 local storage, Flash local shared objects (LSOs), statistical identifiers, mobile advertising identifiers (such as IDFA and Android Advertising ID), software development kits (SDKs), server-to-server transfers, and non-cookie technologies. While we collect these specific pieces of information, we do not store or retain these specific pieces of information. This category of information is Internet and other, similar network information.

Information We Collect Directly from You

To order or otherwise engage our Services and to allow us to process your transaction with our merchant services provider, you must provide information that identifies you, such as your name, billing address, e-mail address, telephone number, and financial information such as your credit/debit card number (and related credentialing information) so that we can process your payment for Services ordered. We also collect information about the Services you order. These categories of information are called identifiers, personal information categories, and commercial information.

In some instances, you may also set up an account with us that will require you to provide identifying information such as your name and contact information, including email. In setting up an account, you will also choose a username and password that will be relevant only to you and must be kept secure by you.

Following a transaction, your credit card information is not stored on our servers.

Your business contact information may be provided to third party service providers only to the extent necessary to provide you with the products & services that we offer you through the Sites, i.e., for payment processing, confirmation of your order, and to communicate with you regarding your order.

If you send an email to us, we will collect your email address and the full content of your email, including attached files, and other information you provide. We may use this email address to contact you. You may indicate your preference to stop receiving further promotional communications by following the instructions in those communications or by reaching out to us using our contact information provided below. Some of the emails we send to you may include a click-through link. Before you arrive at the linked website, you pass through our servers. We track these ‘click-throughs’ to help us determine your interest in particular topics and measure the effectiveness of our customer communications. In addition to ‘click through’ data, we may also collect, store, and analyze other Usage Information about the products and services we offer our customers.

Prospective customers may provide contact information through our Sites to find out more about OBM and to be contacted by an OBM representative. OBM (and its agents and service providers) may use this information to respond to your request, to send you marketing communications, and for business purposes such as marketing and research. We will not rent or sell this information to other companies. You may opt out of receiving promotional emails from OBM by following the instructions in those emails. If you opt out, we may still send you non-promotional communications, such as those about your account or our ongoing business relations. OBM will use any other information submitted on our Sites for the purpose for which it was collected, including to respond to your inquiry.

How We Use Information We Collect About You

  • To provide Services to customers;
  • To supplement, enhance, target and/or suppress existing customers from client campaigns;
  • Enforcing our agreements with you;
  • Sending you important administrative information regarding you, the Sites, or the Services;
  • Delivering information requested by you, for example, in response to a technical support request;
  • To deliver marketing materials to you;
  • For promotions you may enter into;
  • For personalizing the types of information that you receive from us;
  • Customizing, improving and developing content and functionality that helps us better serve your needs;
  • Facilitating communication between us and you;
  • Effectuating your opt-out;
  • Providing you with information that we think may interest you, such as company news and certain products, and active campaigns;
  • Developing aggregated, non-identifiable data that may be used for our business purposes;
  • Sending you important administrative information regarding you, the Sites or the Services; and
  • In preventing fraud and other prohibited or illegal activities.

We and our business partners also may combine different types of information collected from or about you through various sources, including Personal Information, and use the combined information for the purposes described in this Privacy Policy.

How We Share Your Information

We do not sell the information we collect to third parties, but we may share the information we collect as follows or as otherwise described in this Privacy Policy:

  • With vendors, consultants, and other service providers who need access to such information to carry out work or perform services on our behalf;
  • In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, rule, regulation or legal process;
  • If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property or safety of OBM or others;
  • In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company;
  • Between and among OBM and any current or future parent, subsidiary and/or affiliated company;
  • With our business partners for the purposes described in this Privacy Policy;
  • With your consent or at your direction;
  • To select and serve advertisements that we or our business partners think may be of interest to you;
  • To measure and analyze trends, usage, and the effectiveness of our Services and the advertisements we and our business partners serve;
  • As required to do so by law or in the good-faith belief that such action is necessary to investigate, protect or defend the rights, safety or property of us, our customers or the public; to investigate or enforce perceived violations of our Terms and Conditions or this Privacy Policy; as evidence in litigation in which we are involved; and for fraud protection and credit risk reduction purposes;
  • As we may otherwise inform you.

We may also share aggregated information, which cannot reasonably be used to identify you, with third parties. For example, we may share aggregated information with our business partners to help them optimize their services.

Your Choices

If you want to limit the information that is automatically collected while you use our Sites, most Web browsers allow you to disable cookies. If you choose to disable cookies, you may not be able to use or participate in some or all of the features offered through the Sites.

Minors

The Sites are not intended for use by children under the age of 18. We do not knowingly collect or use any personally identifiable information from children under the age of 18. If we learn that we have collected the personally identifiable information from any such children, we will take steps to delete the information as soon as possible.

Links

The Sites may contain links to third-party websites. We are not responsible for the privacy practices or the contents of such other websites. Please read the privacy statements of each website you visit. This Privacy Policy applies solely to information collected by us through the Sites. Any links to other websites are for your convenience and do not signify our endorsement of such websites or their contents.

Notice to Residents of Countries Outside the United States

OBM is headquartered in the United States. Personal information may be accessed by us or transferred to us in the United States or to our business partners, service providers, vendors or consultants elsewhere in the world. If you are located outside of the United States, be advised that any information you provide to us will be transferred to and stored in the United States and that, by submitting information to us, you explicitly authorize its transfer and storage within the United States. We will treat personal information according to this Privacy Policy regardless of where it is processed or stored.

California Privacy Rights Notice (the “Notice”)

This portion of the Privacy Policy applies solely to California Consumers (“consumers” or “you”). We have adopted this Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws.  The purpose of this Notice is to provide you with a description of our online and offline practices regarding the collection, use, disclosure, and sale of personal information and of the rights you have regarding your personal information. As used in this Notice, any terms defined in the CCPA have the same meaning when used in this Notice.

Shine the Light

Pursuant to Section 1798.83-.84 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, what types of personal information, if any, the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information in the immediately preceding calendar year. To access this information, please contact us by emailing [email protected] with “CA Shine the Light Request” in the subject line. Please note that, under the law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any requests that are not sent to the above-designated email.

California Consumer Privacy Act (“CCPA”)

Your Right to Know About the Personal Information We Collect About You

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). The Sections above titled “Information We Collect About You”, “How We use Information We Collect About You”, and “How We Share Your Information” set forth the categories of personal information that we collect and process about you, a description of each category, and the source of how we obtain each category.

Your Rights and Choices

Under California Laws, California residents can exercise three privacy rights (Disclosure and Access; Deletion; and “Do Not Sell My Personal Information”) (collectively, “Rights”). Since we do not sell information, based on our understanding of the definition of “sell” in the CCPA, that right will not be discussed in any more detail. These Rights are not absolute and are subject to certain exceptions, including to the extent we receive the information from an employee (including an owner, director, officer, or contractor) of an organization solely within the context of the business conducting due diligence regarding, providing, or receiving products or services to or from the organization.

If you are a California consumer, we will process your request to exercise your Rights in accordance with California Laws.

A record concerning the requests may be maintained pursuant to our legal obligations. Further, we may charge a reasonable fee or refuse to act on a request if such a request is excessive, repetitive, or manifestly unfounded.

Disclosure and Access Requests

You have the right to request that we disclose to you, for the 12-month period immediately preceding the date of your request to know the following:

Categories of Personal Information Request

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting that personal information.
  • The categories of third parties with whom we share that personal information.
  • If we disclosed your personal information for a business purpose, a list disclosing:
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Specific Pieces of Information Request

  • The specific pieces of personal information we collected about you (also called a data portability request).

When a request for disclosure is made, we will first take steps to verify your identity to protect your privacy and security. For requests to disclose categories of personal information collected, we will have the requestor provide at least two pieces of information so that we may verify the requestor’s identity to a reasonable degree of certainty. For requests to disclose specific pieces of personal information collected, we will have the requestor provide at least three pieces of information so that we may verify the requestor’s identity to a reasonably high degree of certainty and additionally provide a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request. We are required to retain the signed declarations as part of our record-keeping obligations for 24 months.

Please note that we will never disclose a consumer’s social security number, driver’s license number, or another government-issued identification number, financial account number, any health information or medical identification number, an account password, or security questions and answers in response to a disclosure request.

Please note additionally that we are only required to fulfill a Disclosure request from a consumer twice per every 12-month period. If you submit a request in excess, it may be denied or you may be charged for fulfilling your request.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Given the type of personal information we collect, for requests to delete personal information collected, we will have the requestor provide at least two pieces of information so that we may verify the requestor’s identity to a reasonable degree of certainty. We are required to retain the requests to delete for a period of 12 months as part of our record-keeping obligations.

Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. A deletion request may be denied, in full or in part, if retaining the information is necessary for us or our service providers to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 ).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Disclosure and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

Only you may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.  Making a verifiable consumer request does not require you to create an account with us.  We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request and, to the extent necessary, to identify the browser/device that is the subject of the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  If you have an account with us, we will deliver our written response to that account.  If you do not have an account with us, we will deliver our written response electronically.  Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.  For data disclosure requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Household Requests

We currently do not collect household data. If all the members of a household make a Right to Know or Right to Delete request, we will respond as if the requests are individual requests.

Request Made Through Agents

You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, verify the agent’s identity, and we may need you to verify your identity directly with us. (The verification requirement does not apply if the consumer has provided the authorized agent with legal power of attorney under California Probate Code Sections 400 to 4465.)

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Data Retention

We will retain your information for as long as your account is active or as needed to provide you or our clients with Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Security

OBM uses commercially reasonable technical, administrative, and physical safeguards to protect your information against loss or unauthorized access, use, modification, or deletion. However, no security program is 100% secure, and thus we cannot guarantee the absolute security of your information.

Data Security

The Sites have encryption and security measures in place to protect the loss, misuse, and alteration of the information under our control.

Secure servers are used when you place an order on our website. We use SSL (secure sockets layer), a security protocol that allows sensitive information to be transmitted securely. The SSL encrypts all personal and credit card information you send through the website.

All customer data is protected against unauthorized access through password-protected databases.

Changes To This Privacy Policy

We may update this Privacy Policy to reflect changes to our information practices. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact

Civic Post
Our postal address is 5318 E Second St.
Long Beach, CA 90803-5324

We can be reached via e-mail at [email protected]