MailBNB Privacy and GDPR Compliance Policy

Effective Date: 01.01.2025

This Privacy and GDPR Policy (“Policy”) describes how MailBNB as Private Social AG (“MailBNB”, “we”, “our” or “us”) collects, processes, and protects personal data when providing our email delivery and automation services (the “Services”) and when operating our business-to-business website at www.mailbnb.com (the “Site”).

MailBNB is committed to maintaining the highest standards of data protection, transparency, and accountability.

1. Our Role Under GDPR

Under the EU General Data Protection Regulation (GDPR):

• MailBNB acts as a Data Processor when we process personal data on behalf of our customers (the “Controllers”) in connection with their use of our Services.
• MailBNB acts as a Data Controller for the personal data we collect directly from our own customers, prospects, suppliers, and website visitors in the course of running our business (for example, for account management, billing, and marketing).

When acting as a Processor, MailBNB processes personal data solely according to the written instructions of the Controller (our customer) and in accordance with our Data Processing Agreement (DPA) and applicable data protection laws.

2. Data We Process as a Processor

When you use MailBNB’s Services to send or manage emails, we may process, on your behalf:

• Recipient email addresses and associated metadata
• Message content (subject lines, body text, attachments)
• Delivery, open, click, and bounce data
• Technical data required for message routing, authentication, and deliverability (e.g., IP addresses, message IDs, timestamps)

MailBNB processes this data solely to provide, maintain, and improve the Services, in accordance with the customer’s instructions and our contractual obligations. We do not sell, share, or use customer data for independent marketing or profiling purposes.

3. Data We Process as a Controller

When you interact with MailBNB directly (for example, by visiting our website, creating an account, requesting a demo, or receiving marketing communications from us), we may collect and process:

• Business contact data: name, company, position, email, phone, and business address
• Account and billing data: payment information, invoices, and account history
• Website usage data: IP address, device information, browser type, referral URLs, and cookie identifiers
• Marketing preferences: opt-in records, communication history, and responses to campaigns

We process this data to:

• Provide and manage customer accounts
• Communicate about product updates, demos, and support
• Manage billing and contracts
• Improve our website and services
• Comply with legal obligations

You can opt out of marketing communications at any time by clicking “unsubscribe” in any email or contacting us at dpo@mailbnb.com

4. Lawful Bases for Processing

MailBNB relies on one or more of the following lawful bases for processing under GDPR:

• Performance of a Contract – when processing data to provide the Services to our customers.
• Legitimate Interests – to improve our services, ensure network security, and communicate with existing customers.
• Consent – when required for marketing communications or cookie use.
• Legal Obligation – to comply with tax, audit, or regulatory requirements.

5. Data Retention

MailBNB retains personal data only as long as necessary to fulfill the purpose for which it was collected, including to comply with legal, accounting, or reporting obligations.

Data processed on behalf of customers (as Processor) is retained and deleted according to the Controller’s instructions or our Data Processing Agreement.

6. Data Security

We employ appropriate technical and organizational measures to protect personal data, including:

• Encrypted data transmission (TLS/SSL)
• Secure storage and access controls
• Regular vulnerability assessments and infrastructure monitoring
• Restricted employee access on a need-to-know basis
• Employee confidentiality and security training

7. Subprocessors

MailBNB may engage trusted third-party subprocessors (e.g., infrastructure providers, analytics, or support tools) to assist in providing the Services.

Each subprocessor is subject to contractual data protection obligations consistent with GDPR standards. A current list of subprocessors is available upon request at dpo@mailbnb.com

8. International Data Transfers

MailBNB operates globally and may transfer personal data outside the European Economic Area (EEA). When doing so, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent legal mechanisms ensuring an adequate level of protection.

9. Data Subject Rights

Depending on your location, you may have rights under data protection law, including:

• Access to your personal data
• Correction of inaccurate or incomplete data
• Deletion of personal data (“right to be forgotten”)
• Restriction or objection to processing
• Portability of your data to another service provider
• Withdrawal of consent where processing is based on consent

Requests can be made to dpo@mailbnb.com.

If we process your data on behalf of a customer (as Processor), we will forward your request to the relevant Controller.

10. Cookies and Tracking

We use cookies and similar technologies to provide and improve the Site, analyze usage, and enhance user experience.

You can learn more or adjust your preferences in our Cookie Policy.

11. Compliance with Laws and Enforcement

MailBNB complies with the GDPR, UK GDPR, CCPA, and other applicable privacy laws.

We maintain internal records of processing activities and regularly review our policies and procedures for compliance.

If we become aware of a data breach that affects your personal data, we will notify you and/or the relevant supervisory authority in accordance with applicable law.

12. Updates to This Policy

We may update this Privacy & GDPR Policy from time to time.

Any changes will be posted on this page with a new “Effective Date.” Continued use of the Services constitutes acceptance of the revised version.

13. Contact Information

Private Social AG. — Data Protection Office
Email: dpo@mailbnb.com
Website: https://www.mailbnb.com

If you are an EU resident, you also have the right to lodge a complaint with your local data protection authority.