1. Identity of Postus
If there are any questions regarding this Privacy Policy you can contact Postus using the details below:
Objectis Ltd.
Menulio 11
LT-04326 Vilnius
Lithuania
Company registration number: 304037472
2. What information do we collect?
You may visit our site anonymously although cookies are used to identify your session.
2.1. Contact form data
If you choose to use the inquiry form on our website, basic contact details are collected such as the email and name of the contact person.
2.2. Account data
When you register for an account, we collect and store your e-mail address.
2.3. Membership data
In order to issue an invoice for paid services, we also need to collect additional contact details about you or your business, such as full name, email, contact address, business name, and business activity. We do not collect or store your credit card information. All payments are collected using PayPal or Stripe payment processing systems, therefore we also store PayPal or Stripe transaction ID.
When you create or edit a Postus item, we collect your direct input, which is a website domain name for use of Postus service (the “Service”) and possible content and settings for the Cookie Policy pop-up notification box (the “Pop-up”) displayed on the website visitor (“End Users”).
2.5. End User data
End-User data can be collected only if you have a proper subscription to the Postus website. If enabled, Service can automatically log the following data about End Users:
- An anonymous and random key (the “Key”);
- End User’s choice (accept or reject);
- Anonymized End User’s IP address (last digits after “.” are set to 0);
- Date and time of End User’s agreement/rejection;
- The page where consent was given/revoked;
- End User’s browser agent.
The Key together with the Consent state is saved in the End User’s browser as a first-party cookie called “CookieScriptConsent” in JSON encrypted form. This information is later used by the Service to remember the End User’s choice. The key can be found in the Cookie Consent Banner > About cookies tab. The Key can also be used as proof of the End User’s consent. The Key is not considered personally identifiable information.
2.6. Automatically generated data
The service automatically generates statistical data (if enabled in settings for Postust Item) which is the number of clicks on each button of the Pop-up and Cookie Category preferences. This data is aggregated (clicks per day) and cannot be used to identify a particular End User.
3. What do we use your information for?
Any of the information we collect may be used for one or more of the following purposes:
- To answer your inquiry;
- To contact you regarding our services;
- To identify you as a contracting party;
- To enable Postus to issue valid invoices and to process transactions;
- To enable secure login for you in the Service;
- To enable automated subscription handling;
- To provide you with automatically generated information on the End User clicks on the Pop-up buttons.
4. Legal basis
4.1. EU General Data Protection Regulation (GDPR)
The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).
If you are a resident of the EEA, you have the following data protection rights:
- If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by emailing support@postus.ai. Additionally, you can delete your account information by clicking the “Delete profile” button in your account > Profile section.
- In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information. Again, you can exercise these rights by emailing support@postus.ai.
- Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
4.2. Children’s Online Privacy Protection Act Compliance
Postus is in compliance with the requirements of GDPR 2018. We will not intentionally collect any information from anyone under 13 years of age. Our website and services are directed at people who are at least 13 years old or older.
5. How do we protect your information?
Postus does not store any personally identifiable information about you online or using cloud storage unless those organizations comply with GDPR. DigitalOcean, LLC and Amazon Web Services, Inc. and Hetzner Online GmbH are such organizations.
5.1. Confidentiality
All data is protected by password access. We do not request or keep financial information such as your bank account details. All personnel and subcontractors are required to sign a confidentiality agreement if full confidentiality is not part of the main agreement between the parties.
5.2. Transparency
Postus will keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured, and used.
5.3. Monitoring
Postus uses different internal and external monitoring tools to ensure high system performance and availability.
5.4. Personal Data breach notification
In the event that your data is compromised, Postus will notify you and the ICO within 72 hours by email with information about the extent of the breach, affected data, any impact on the Service, and our action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed in connection with the provision of the service.
6. How we use cookies
Cookies are small text files that are placed on your computer by websites that you visit. Websites use cookies to help users navigate efficiently and perform certain functions. Cookies that are required for the website to operate properly are allowed to be set without your permission. All other cookies need to be approved before they can be set in the browser.
- Strictly necessary cookies. Strictly necessary cookies allow core website functionality such as user login and account management. The website cannot be used properly without strictly necessary cookies.
- Targeting cookies. Targeting cookies are used to identify visitors between different websites, e.g. content partners, banner networks. Those cookies may be used by companies to build a profile of visitor interests or show relevant ads on other websites.
- Performance cookies. Performance cookies are used to see how visitors use the website, e.g. analytics cookies. Those cookies cannot be used to directly identify a certain visitor.
You can change your consent to cookie usage below
Strictly Necessary
Name | Provider / Domain | Expiration | Description |
_GRECAPTCHA | Google LLC .google.com | 6 months | Cookie used by ReCaptcha functionality to allow anti-bot validation in different forms. |
tapfiliate_ref_click | cookie-script.com | 1 month 15 days | This cookie is used to identify affiliate that visitor used to access the website. |
[abcdef0123456789]{32} | cookie-script.com | Session | Session cookie used by Cookie-Script.com to identify current visitor. |
CookieScriptConsent | CookieScript cookie-script.com | 1 month | This cookie is used by Cookie-Script.com service to remember visitor cookie consent preferences. It is necessary for Cookie-Script.com cookie banner to work properly. |
Performance
Name | Provider / Domain | Expiration | Description |
_gid | Google LLC .cookie-script.com | 1 day | This cookie name is associated with Google Analytics. It is used by gtag.js and analytics.js scripts and according to Google Analytics this cookie is used to distinguish users. |
_ga | Google LLC .cookie-script.com | 2 years | This cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners. |
Targeting
Name | Provider / Domain | Expiration | Description |
_gat_gtag_UA_43724428_1 | .cookie-script.com | 1 minute | This cookie is part of Google Analytics and is used to limit requests (throttle request rate). |
VISITOR_INFO1_LIVE | Google LLC .youtube.com | 6 months | This cookie is set by Youtube to keep track of user preferences for Youtube videos embedded in sites;it can also determine whether the website visitor is using the new or old version of the Youtube interface. |
_gcl_au | Google LLC .cookie-script.com | 3 months | Used by Google AdSense for experimenting with advertisement efficiency across websites using their services |
test_cookie | Google LLC .doubleclick.net | 15 minutes | This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor’s browser supports cookies. |
IDE | Google LLC .doubleclick.net | 1 year | This cookie is set by Doubleclick and carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website. |
_gac_UA-43724428-1 | .cookie-script.com | 3 months | Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. |
YSC | Google LLC .youtube.com | Session | This cookie is set by YouTube to track views of embedded videos. |
Functionality
Name | Provider / Domain | Expiration | Description |
__stripe_mid | Stripe Inc. .cookie-script.com | 1 year | This cookie is associated with Calendly, a Meeting Schedulers that some websites employ. This cookie allows the meeting scheduler to function within the website. |
__stripe_sid | Stripe Inc. .cookie-script.com | 30 minutes | This cookie is associated with Calendly, a Meeting Schedulers that some websites employ. This cookie allows the meeting scheduler to function within the website. |
Unclassified
Name | Provider / Domain | Expiration | Description |
gclid_info | .cookie-script.com | 1 month | |
_gcl_aw | .cookie-script.com | 3 months | |
DEVICE_INFO | .youtube.com | 6 months | |
m | m.stripe.com | 2 years |
7. Do we disclose any information to outside parties?
Postus does not sell, trade, or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
7.1. Subcontractors/trusted third parties
The subcontractors of Postus are:
- DigitalOcean, LLC
- PayPal Pte. Ltd.
- Stripe Payments Europe Ltd.
All of these companies have implemented all necessary standards to comply with GDPR.
7.2. Legally required disclosure
Postus will not disclose the customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from Postus, we strive to limit the disclosure. Postus will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, Postus will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
8. Third-party services
You may access other third-party services through the Services, for example by clicking on links to those third-party services from within the Services. We are not responsible for the privacy policies and/or practices of these third-party services, and we encourage you to carefully review their privacy policies.
9. Where do we store the information?
No stored data will be transferred, backed up, and/or recovered by Postus outside of the European Union. Postus also requires its subcontractors and sub-processors to either store data in the European Union, or to adhere to the EU-US Privacy Shield.
9.1. Personal data location
All data and databases are stored on Postus vendor, DigitalOcean, LLC in Amsterdam. Databases and files are continuously backed up to enable restoration to any point in time within a retention period of 30 days. Backups are stored on file storage at the same geographical location as the database.
10. Data access
If you are a registered user, you may access information associated with your Account by logging into our Services.
You may at any time obtain confirmation from Postus as to whether or not personal data concerning you is being processed.
On your Account Page, you can at any time export a data copy, which you may transmit to another controller of the data.
11. Request for rectification, restriction, or erasure of the personal data
11.1. Rectification
You may at any time obtain rectification of inaccurate personal data about you.
11.2. Restriction of processing personal data
You may at any time request Postus to restrict the processing of personal data when one of the following applies:
- if you contest the accuracy of the personal data, for a period enabling Postus to verify the accuracy of the personal data;
- if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
- if Postus no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims.
11.3. Erasure
You may without undue delay request the erasure of personal data concerning you, and Postus shall erase the personal data without undue delay when one of the following applies:
- if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
- if the personal data have been unlawfully processed; or
- if the personal data have to be erased for compliance with a legal obligation in EU or national law.
You can also remove your account data yourself on the Account Page. If you have any Membership data associated with your account, it will not be removed automatically when deleting Account data by you.
12. Data retention
12.1. Data retention policy
Membership data due to tax regulations will be retained for up to three fiscal years from the cancellation of your Service account.
End-User Data and Account data will be erased immediately when you delete profile in the Service account settings or request your data to be deleted.
12.2. Data retention for compliance with legal requirements
You cannot require Postus to change any of the default retention periods, except for the reasons linked to compliance with specific laws and regulations.
13. Your consent
By using our site and/or our Service, you consent to this Privacy Policy.
By using our Service, you consent to the Terms of Service.
14. Changes to our Privacy Policy
This Privacy Policy may be modified from time to time, so please review it frequently. If we materially change the ways in which we use or share personal information previously collected from you through our Service, we will notify you through our Service.
Changes to Privacy Policy will appear on this page, and the Privacy Policy modification date will be updated (the date at the top of this page).
15. Complaint
You may at any time lodge a complaint with a supervisory authority regarding Postus’ collection and processing of your personal data with the State Data Protection Inspectorate https://www.ada.lt