These terms are designed to protect the interests of all our customers and we believe that whilst they are not onerous or over proscriptive, they properly reflect best practice in email marketing.
We are required to draw your attention to the anti-spamming and data protection requirements incorporated into the European Union General Data Protection Regulation (GDPR 2016/679). The terms herein fully meet and comply with GDPR - Annex 1. Of particular note, JC Peters Ltd, as a UK registered company securely holds all customer data in our ISO 27001 compliant Tier 4 data centre in Milton Keynes, England. As required by GDPR, these Terms and Conditions once accepted by signature by yourself form a contract between JC Peters Limited and yourself.
JC Peters Ltd is registered with the Information Commissioners Office (ICO registration number: ZA090776) and undertakes all its operations through Email Blaster under the laws and statutes of English law. Email Blaster is fully compliant with the GDPR 2016/679 in all regards and pertaining to the holding and processing of data held for and on behalf of its customers.
Email Blaster is committed to the eradication of spam and supports all agencies in the fight against it. Our terms of service reflect our compliance with all anti-spamming measures.
1.GENERAL TERMS OF TRADE
Email Blaster (hereinafter the licensor) agrees to provide the services of its Email Blaster software and hardware (hereinafter the Software and Hardware) to you (hereinafter the licensee) for the purposes of allowing the licensee to send broadcast emails. We provide this service on the basis of GDPR compliance undertakings you give us as set out in Articles 4,5 and 6 by the issuing of a license to use the software (the License) and the permissions and protocols thereof.
The licensee agrees and undertakes;
To pay to the licensor in a timely manner all fees, charges and payments required by the licensor and agreed by the licensee in accepting the terms for the provision of the software for the execution of the email service.
Any email transmitted by the licensee using the licensor's online email marketing software and hardware is fully compliant with the terms of service as set out herein.
Any breach of these terms of service may result in action being taken by the licensor up to and including withdrawal of the services and products supplied and termination of the licensee's account at no notice and without compensation or refund. Such breach shall be determined entirely at the discretion of the Licensor.
All emails transmitted will not have content that is illegal, in breach of a third party’s rights or likely to cause offense by example but not limited to: defamatory, libellous, pornographic or likely to offend, conveying information that is or may be considered illegal within the laws of the country of distribution, in breach of third party copyright or trademark rights.
To comply with the requirements of GDPR 2016/679 (summarised in Annex 1), in particular but not limited to: collection, collation and storage of email lists, compliance with Positive Opt-In (POI), use of lists satisfying the requirements of POI.
The licensor has no legal or otherwise liability that may arise as a result of the content and/or the transmission of an email to a third party by the licensee. The licensee accepts full responsibility for any legal action or claim for damages that may arise directly or indirectly as a result of the receipt of the email originating from the licensee using the software and hardware and will hold the licensor harmless as a result of such action or claim for damages.
For the avoidance of doubt, this means that;
The licensee will be bound to defend such action and will meet all legal costs arising as a result of such an action both for the licensee and for the licensor.
The licensee will be liable for any damages resulting from such action on behalf of the licensee and the licensor.
The licensor agrees and undertakes;
- To provide the services of the software for the transmission of emails to email lists uploaded by the licensee.
- That all email lists uploaded by the licensee remain the property of the licensee.
- Not to copy, modify, delete (unless as specified in Article 10, cancellation) or pass to a third party in part or in total, email lists and email content belonging to the licensee unless as required by the software for the sole purpose of executing the licensees legitimate interests or by the agreement of the licensee.
- That all data belonging to the licensee and issued to the licensor for the purposes of use of the Software and Hardware, including but not limited to; address lists, email lists, graphic and software composites, customer details of any sort, is, unless at the request of and written authority of the licensee, stored within England in a secure environment and in a manner fully compliant with the GDPR 2016/679. For the purposes of further clarification, data storage is at our Tier 4 data centre in England (Secure compound, includes 24 hour security, access to data centre by nominated personnel only, reinforced steel intrusion prevention, onsite CCTV, ISO 27001 certified.)
- To hold in confidence all details supplied by the licensee and in particular all information relating to email lists and/or content.
- To fully comply and certify in accordance with the requirements of GDPR 2016/679 - Annex 1.
2. USER COMPLIANCE REQUIREMENTS
User compliance required by the licensee for the use of the software and hardware:
- Any broadcast dispatched using Email Blaster software will prominently display the option for the recipient to opt-out from any further broadcasts. The Licensee shall not alter, deface or remove this Opt-out display.
- For any email addresses mailed using the software the recipient must have already opted-in to receive e-mail advertising and marketing in accordance with the POI guidelines of Articles 3,4 and 5.
The licensee take full responsibility for and use best endeavours to ensure that no viruses or any malicious attachment or embedded code that could be damaging to the recipients I.T. equipment are contained within the email.
3. EMAIL ADDRESS COLLECTION
- Email addresses collected and used by the licensee for the use of the Software and Hardware.
GDPR requires that the following good practice guidelines are followed in the collection of POI approved Email addresses:
- Provide a statement of use whilst you gather details.
- Explain what individuals' details will be used for when requesting POI.
- Use of consent boxes which are already ticked is prohibited (Opt in must be by positive action).
- Provide a simple and fast manner for clients to opt out of promoting messages without charge.
- Promptly agree to opt-out requests from everyone, not simply those from individuals.
- Have a plan in place to care for unwanted marketing complaints.
- When you receive an opt-out request, keep a record of the individual or company (This way you'll have a report of who not to contact.)
4. THIRD PARTY PURCHASED/ACQUIRED EMAIL LISTS
The Licensee is required to observe that lists purchased or acquired commercially are often of unsubstantiated provenance and that unvalidated purchased lists are disallowed by all properly regulated email marketing software service companies internationally including Email Blaster. Use by the Licensee of Email lists purchased or acquired from a third party for email broadcast using the Software and Hardware requires additional undertakings by the Licensee in accordance with GDPR and this Article 4.
- The Licensee undertakes to ensure that any such purchased or acquired Email lists broadcast using the Software and Hardware have been generated, processed and stored in compliance with GDPR.
- Email databases must have been generated using a recognised POI process in compliance with GDPR and as summarised in Article 5. Only where GDPR compliance in the gathering, storing and processing of such purchased lists can be proven is a purchased list allowed. The Licensee undertakes to establish and, as may be necessary, prove such validity or request such proof from the list originator.
- Third party list will have been purchased or acquired from a GDPR compliant organisation. (a requirement of GDPR is that all data processing, storing and collection is undertaken by organisations registered and resident in the territories of the EU).
- Un-validated lists or lists of unknown or unsubstantiated provenance are a breach of GDPR and the Licensor does not allow use of such lists in any circumstances.
5. P.O.I - (Positive Opt-In)
The GDPR required POI process to obtain and validate email addresses for the purposes of email marketing is summarised as follows;
- The email address owner must either enter their email address into a sign- up box located on the list owner's website - or indicate a 'want to receive your emails' (e.g. by way of ticking a box in an HTML form).
a. The email address owner must be informed at the POI stage what use will be made of the address. For the avoidance of doubt, this includes, but not limited to, what businesses or organisations will be sending emails to the owner and for what purpose, i.e. emails from the POI requester solely or other businesses and organisations. (This means that a purchased list owner must have obtained POI on the basis that the email addresses can be used by the licensee for broadcast email purposes).
- opt-out - Note that any marketing email sent using the Email Blaster system will by default have an 'opt out' link-allowing the email address owner to click once and automatically be removed from future mailings. This link is hard coded in to every email sent and cannot be removed. It is located at the bottom of each email sent and is displayed in an easily viewable font, colour and size.
6. LICENCE AGREEMENT AUTHORISATION
Licensee will confirm agreement to the terms set out herein, prior to permission being granted by the licensor to send out email marketing and continued use of the software and hardware.
7. BREACH OF SPAMMING
In the event of breach by the licensee of anti-spamming GDPR requirements as set out herein and solely at its discretion, the licensor reserves the right to take appropriate action against the licensee in the event of evidence of a breach of anti-spamming requirements. Such grounds are summarised but not limited to;
- Examination of a licensee list indicating a significant level of 'harvested' or invalid addresses.
- Receipt of spam complaints arising from a mail out by the licensee.
- Receipt of complaints from an anti-spamming organisation, an ISP or any similar such organisation arising as a result of use of the software by the licensee.
8. SANCTIONS FOR MISUSE OF THE SOFTWARE AND HARDWARE
The licensor reserves the right to apply sanctions in circumstances where the licensor has grounds for believing that the licensee has been in material breach of these terms. It will be entirely at the reasonable discretion of the licensor in determining if there are legitimate grounds for concluding that the licensee is in material breach of the terms and what, if any, subsequent action will be taken.
In the event that the licensor has reasonable grounds to believe that the licensee has failed to comply with the terms set out here-in:
- The licensor may take whatever action is considered necessary up to and including immediate withdrawal of the service and termination of the licensees account without compensation entirely at the discretion of the licensor. Such grounds are summarised in paragraph 9.
- In the event of any such breach by the licensee leading to costs being borne by the licensor, the licensee will be liable to compensate in full the licensor for any such costs that may arise directly or indirectly as a result of such breach.
- All such sanctions will be applied entirely at the reasonable discretion of the licensor.
9. CONTRACT TERMINATION
The License to operate the Software may be cancelled by either Party without reason and on the terms set out in this Article.
- Monthly accounts (does not apply to: free, pay as you go accounts).
Unless otherwise by agreement, the license will be issued on a 30 day rolling contract. The license may be cancelled by either party by the giving of 30 days written notice to the other party. The 30 day notice period shall commence;
- in the case of cancellation by the Licensee, when a written confirmation of receipt of notice is issued by the Licensor to the Licensee (such confirmation to be issued within a reasonable time and typically within 24 hours of receipt of such notice).
- in the case of cancellation by the Licensor, when written notice is issued by the Licensor to the Licensee.
- The Licensor may, entirely at its discretion, charge the Licensee for any reasonable costs incurred following such cancellation as set out in this clause 11, including but not limited to; administration costs, unrecovered costs for work carried out by the Licensor for the Licensee, data processing and storage costs
- All invoices arising during the notice period shall be paid by the end of the period.
- The package option that was valid at the date of the issuing of the notice shall remain in force until the termination date at the end of the period.
Free, pay-as-you-go accounts.
Any Free or pay-as-you-go account without an active monthly subscription that has remained dormant (that is, has not been used to transmit emails) for a period of three months or more can be deleted by the licensor without any notice, any unused credits, apps, add-ons or similar will be forfeited and cannot be redeemed at a later date.
- Either Party may, in accordance with this Article, cancel the license without any reason being given and entirely at its own discretion.
10. LICENSEE DATA
Treatment of Licensee data including email lists upon termination of the License.
The Licensor has no obligation to store or hold historical data, campaigns or statistics for deleted or lapsed accounts. In accordance with protocols and GDPR requirements in respect to the retention of confidential information, for the avoidance of doubt such as - licensee’s email lists, templates, texts and any such similar data in whatsoever form; upon the termination of the License after the notice period specified in clause 11 has elapsed, the Licensor will irrevocably delete and eradicate all information, data and lists created by or belonging to the Licensee held or stored on equipment belonging to or used by the Licensor.
JC Peters Limited is a UK company registered in England and all contract terms here-in are within the jurisdiction of English law only.
GDPR Compliance. General Requirements.
GDPR 2016/679 defines the two parties to a data processing agreement as;
Controller. This is the owner or controller of the data (Email list) and is recognised by this agreement as the Licensee (you)
Processor. This is the processor of the data as contracted by the Controller and is recognised by this agreement as the Licensor (Email Blaster).
The data. For the purposes of these Terms and Conditions: The Email list(s).
Both the Controller and the Processor are required to comply with GDPR. Principal requirements of GDPR compliance are;
- A contract shall exist between the Controller and the Processor. These Terms and Conditions here-in form the contract once approval has been indicated (by signature) by the Licensee and Licensor.
- The Data will not be processed, held or in any way adapted by an organisation outside of the territories of the European Union.
- The Licensor (Email Blaster) undertakes and confirms that it is registered in England, has all operations and facilities in England and operates under the jurisdiction of English Law.
- The Licensee undertakes that Email lists have been gathered, stored and processed in accordance with the requirements of GDPR within the territories of the European Union,
- DPO - Data Protection Officer: The organisation shall have identified the individual who is responsible for data protection - see Emailblaster Certificate of Compliance.
- Data protection plan: The organisation shall have a plan in place to protect the confidentiality of data.
- Risk assessment:the risk of data being stolen, copied or accessed by an unauthorised third party is assessed and measures taken to mitigate that risk.
- Implement measures to mitigate risk.
- Have a response plan for data loss or unauthorised access.
- Have a process of review and testing for on-going compliance.
JC Peters Limited GDPR 2016/679 Certificate of Conformance