Privacy policy

  1. Definitions
    1. Data Subject is a natural person about whom SendExpert has got information or data enabling to identify the natural person. Data Subjects are, for example, the Clients, Visitors and cooperation partners, as well as the employees who are natural persons and whose personal data are held by SendExpert.
    2. Privacy Policy is this text which sets out the principles for Personal Data Processing by SendExpert.
    3. Personal Data is any information concerning an identified or identifiable natural person.
    4. Personal Data Processing is any operation or set of operations which is performed on the Personal Data of a Data Subject, such as collection, recording, organisation, structuring, storage, alteration and disclosure, enabling an access to, retrieval, consultation, use, transmission, cross-checks, alignment or combination, restriction, erasure or destruction of Personal Data, irrespective of the manner of performing these operations or the means exploited.
    5. User is any natural or legal person that uses or has expressed a desire to use the Services of SendExpert.
    6. Agreement is the SendExpert Service Agreement or any other agreement entered into between SendExpert and the User.
    7. Terms of Use set forth the general terms and conditions applied to the entry into an Agreement with SendExpert.
    8. Website means the websites of SendExpert, available on,,
    9. Visitor is any person using the Website of SendExpert.
    10. Child’s Consent Age in the context of Personal Data Processing is at least 16 years in relation to the offer of information society services directly to a child.
    11. Services are any services and products offered by SendExpert.
    12. Cookies are the data files sometimes recorded in the device of a Visitor of the Website.
    13. Data Protection Officer of SendExpert is the person who monitors the implementation of the Personal Data Processing principles at SendExpert and who can be contacted by the Data Subject in case of a complaint.
    14. Personal Account is the Personal Account of the Data Subject which primarily provides an access to the digital products of SendExpert and through which the Users identify themselves
  2. General provisions
    1. SendExpert is the legal person Yudjes OÜ, registry code 14383476, (official address can be found in the public website of Estonian Commercial Register). SendExpert is a member of the Yudjes.
    2. SendExpert resolves all issues in relation to the protection of Personal Data in Estonia in conjunction and cooperation with the Estonian Data Protection Agency.
    3. SendExpert may process Personal Data as:
      1. a controller, while determining the purposes and means of processing;
      2. a processor in accordance with the instructions from the controller; and
      3. a recipient to the extent to whom the Personal Data are transferred.

      The list of the processors of SendExpert and other data are available for examination (see section 13: Important Documents, Guidelines and Procedures).

    4. This Privacy Policy of SendExpert constitutes an inseparable part of the Agreement and Terms of Use entered into between SendExpert and the User.
    5. The Privacy Policy shall apply to the Data Subjects, and the rights and obligations set out in the Privacy Policy shall be followed by all the employees and cooperation partners of SendExpert who come into contact with the Personal Data that are in the possession of SendExpert.
    6. For the natural persons this Privacy Policy and General Data Protection Regulation of the European Union (GDPR) applies i.e. when you are a data subjects in the European Union within the meaning of the GDPR article 3. The Privacy Policy may supplement the privacy statements published on the Website or in the devices, and the Privacy Policy may also be amended and supplemented by the same.
  3. Principles
    1. The objective of SendExpert is to Process Personal Data responsibly, based on the best practice, with the aim of always being prepared to demonstrate the conformity of Personal Data Processing to the established purposes, and SendExpert shall always take into account the interests, rights and freedoms of Data Subjects.
    2. All the processes, guidelines, operations and activities of SendExpert that are related to Personal Data Processing are based on the following principles:
      1. Lawfulness. There is always a legal basis for the Processing of Personal Data, i.e. consent;
      2. Fairness. Personal Data Processing shall be fair, while providing a Data Subject with sufficient information and communication on how the Personal Data are Processed;
      3. Transparency. Personal Data Processing shall be transparent for the Data Subject, including via the Personal Account created for the very same purpose;
      4. Purposefulness. Personal Data shall be collected for legitimate purposes that have been established precisely and clearly, and shall not later be processed in any manner which is in conflict with these purposes;
      5. Minimisation. Personal Data shall be adequate, relevant and limited to what is necessary for the purpose of Processing the given Personal Data. SendExpert shall be guided by the principle of minimum Processing in Personal Data Processing, and as soon as the Personal Data are no longer necessary or are no longer needed for the purposes for which they were collected, the Personal Data shall be deleted;
      6. Accuracy. Personal Data shall be correct and shall be updated as necessary, and all reasonable measures shall be taken to ensure that Personal Data which are incorrect in the light of the purpose of Personal Data Processing shall be deleted or corrected without delay. For this purpose SendExpert has created the Personal Accounts, through which Data Subjects themselves can check the timeliness of their data and correct the data as needed;
      7. Limit of storage. Personal Data shall be stored in the format enabling the identification of Data Subjects only as long as it is necessary to achieve the purpose for which the Personal Data are processed. It means that in case SendExpert wishes to store the Personal Data for a longer period of time than necessary for the purpose of collecting the data, SendExpert shall anonymise the data in such manner that the Data Subject shall no longer be identifiable. SendExpert shall store the data that have been received by SendExpert via a User relationship or any other similar relationship, in accordance with the best practice, and the data processed on the basis of consent generally for as long as the consent is withdrawn;
      8. Reliability and confidentiality. Personal Data Processing shall be carried out in the manner ensuring the adequate security of Personal Data, including their protection against unauthorised or unlawful Processing and against accidental loss, destruction or damage, by taking reasonable technical or organisational measures. SendExpert has internal guidelines, rules for the employees, and separate agreements with every processor, stipulating the best practices, on-going risk assessment and adequate technical and organisational measures for Personal Data Processing;
      9. Data protection by design and by default. SendExpert shall ensure that all the systems used shall meet the required technical criteria. The suitable data protection measures have been planned upon the renewal or design of every information or data system (e.g. the information systems and business processes are constructed using pseudonymisation and encryption).
    3. Upon Personal Data Processing SendExpert shall act with the purpose of always being capable of evidencing the conformity to the aforesaid principles and additional information regarding the conformity to these principles can also be requested from the Data Protection Officer.
  4. Composition of personal data
    1. SendExpert collects, inter alia, the following types of Personal Data:
      1. the Personal Data disclosed to SendExpert by the Data Subject:
        1. when completing the registration form such as password, e-mail address, name, telephone, country and city of residence; name of the company, surname, date of birth.
      2. the Personal Data generated as a result of the day-to-day communication between the Data Subject and SendExpert such as name, e-mail or telephone;
      3. the Personal Data manifestly made public by the Data Subject (e.g. in social media);
      4. the Personal Data generated upon consumption of Services (e.g. in the use of the SendExpert Services);
      5. the Personal Data generated as a result of visiting and using the Website such as:
        1. the time spent on the Website and other behaviour information;
        2. IP address of the User;
        3. Operating system used by the User (for example, MacOS, Windows)
        4. browser used by the User (for example, Mozilla Firefox, Opera, Google Chrome, Internet Explorer)
        5. type of a website from which the User was redirected.
        6. the Personal Data received from third persons;
      6. the Persona Data received from User in accordance with the Controller-Processor agreement and Terms of Use;
      7. the Personal Data created and combined by SendExpert (electronic correspondence or order history in the context of a client relationship).
  5. Composition, purposes and bases for processing of personal data
    1. SendExpert shall Process Personal Data only on the basis of consent or on a legal basis. Legal bases for Processing of Personal Data include but are not limited to legitimate interests or an Agreement between the Data Subject and SendExpert.
    2. SendExpert shall Process Personal Data on the basis of consent precisely within the limits, to the extent and for the purposes determined by the Data Subject. As for consents, SendExpert shall follow the principle that every consent shall be clearly distinguishable from other matters, in an intelligible and easily accessible form, using clear and plain language. Consent may be given in writing or by electronic means or as an oral statement. A Data Subject shall give the consent freely, specifically, informedly and unambiguously, for example:
      1. for marketing letters by ticking a box on the Website;
      2. for publishing its Websites feedback of the Users, which may cotain personal data of the Users e.g. photos.
    3. Upon entry into and performance of an Agreement, Personal Data Processing may be additionally provided for in the specific Agreement, but SendExpert may Process Personal Data for the following Purposes:
      1. in order to take steps at the request of the Data Subject prior to entering into the Agreement;
      2. to identify the User to the extent required by due diligence;
      3. to perform the obligations to the User regarding the provision of its Services;
      4. to communicate with the User;
      5. to ensure the performance of the payment obligation of the User;
      6. to submit, realise and defend claims.
    4. For the entry into an employment agreement, the Processing of the Personal Data of a job applicant by SendExpert based on the entry into the agreement and legitimate interest shall include:
      1. Processing of the data submitted by the job applicant to SendExpert for the purpose of entering into an employment agreement;
      2. Processing of the Personal Data received from the person indicated as the referee by the job applicant;
      3. Processing of the Personal Data collected from state databases and registers and public (social) media.

      In case a job applicant is not selected, SendExpert shall store the Personal Data collected for the entry into an employment contract for two years in order to make a job offer to the job applicant in case a suitable position becomes vacant. When two years have passed after the submission of a job application, the Personal Data of the job applicant who was not selected shall be deleted.

    5. Legitimate interest means the interest of SendExpert in the management and direction of its business in order to be able to offer the best possible Services on the market. SendExpert shall Process Personal Data on a legal basis only after careful consideration in order to ascertain the legitimate interest of SendExpert, based on which the Personal Data Processing is necessary and is in compliance with the interests and rights of a Data Subject (after carrying out the so-called three-step test). In particular, Personal Data Processing may take place on the basis of a legitimate interest for the following purposes:
      1. for ensuring a trust-based relationship with a User, for example Personal Data Processing that is strictly necessary to determine the ultimate beneficiaries or to prevent fraud;
      2. for the administration and analysing the User base to improve the availability, selection and quality of Services and products, and to make the best and more personalised offers to the User upon the User’s consent;
      3. for the identifiers and Personal Data collected upon the use of websites (umber of visits of the website, average duration of a visit of the website, type of viewing of pages, time and date of visits), mobile applications and other Services. SendExpert shall use the collected data for web analysis or for the analysis of mobile and information society services, for ensuring and improving the functioning, for statistical purposes and for analysing the behaviour and using experience of Visitors and for providing better and more personalised Services;
      4. for the organisation of campaigns, including organisation of personalised and targeted campaigns, carrying out User and Visitor satisfaction surveys, and measuring the effectiveness of the performed marketing activities;
      5. for analysing the behaviour of the Users and Visitors while using SendExpert’s Services and on Websites;
      6. for monitoring of the service. SendExpert may record the messages and instructions given in its premises as well as by means of communication (e-mail, telephone, etc.), as well as information and other operations carried out by SendExpert, and shall use those recordings as needed to evidence instructions or other operations;
      7. for network, information and cyber security considerations, for example for fighting against piracy and for ensuring the security of the Websites, as well as for the measures taken for making and storing backup copies;
      8. for corporate purposes, in particular for the financial management and for transfering Personal Data within the group for internal administrative purposes, including the Processing of the Users’ or employees’ Personal Data;
      9. for the establishment, exercise or defence of legal claims.
    6. For performing a legal obligation, SendExpert shall Process Personal Data to perform the obligations set forth by law or to exercise the uses permitted by law. Legal obligations derive, for example, from adhering to the rules of payment processing and prevention of money laundering.
    7. In case Personal Data Processing is carried out for a new purpose, different from those for which the Personal Data were originally collected, or is not based on the consent given by the Data Subject, SendExpert shall carefully assess the permissibility of such new Processing. In order to determine whether the Processing for the new purpose is in compliance with the purpose for which the Personal Data were originally collected, SendExpert shall take into consideration, inter alia, the following:
      1. any link between the purposes for which the Personal Data were collected and the intended further purposes Processing;
      2. the context of collecting the Personal Data, in particular regarding the relationship between the Data Subject and SendExpert;
      3. the nature of the Personal Data, in particular whether any special categories of Personal Data, or Personal Data related to criminal convictions and offences are processed;
      4. possible consequences of the intended further processing for the Data Subjects;
      5. existence of appropriate protection measures which may consist in, for example, encryption and pseudonymisation.
  6. Disclosure and/or transfer of user data to third persons
    1. SendExpert cooperates with persons, to whom SendExpert may transfer data regarding the Data Subjects, including their Personal Data, in the context and for the purposes of co-operation.
    2. Such third persons may be the persons within the same group with SendExpert, its advertising and marketing partners, companies carrying out User satisfaction surveys, debt collection agencies, credit registers, IT partners, persons, authorities and organisations intermediating or providing (electronic) mail services, provided that:
      1. the respective purpose and the Processing are lawful;
      2. the Personal Data Processing is carried out in accordance with the guidelines of SendExpert and on the basis of a valid agreement;
      3. the data regarding the respective processors are disclosed to the Data Subjects (see section 13: Important Documents, Guidelines and Procedures).
    3. SendExpert may transfer EU Data Subjects data outside EEA only if conditions from this Privacy Policy 6.4 are met. Personal Data of Data Subjects from outside EU may be transferred and held outside EU.
    4. SendExpert shall transfer Personal Data to outside the European Union only if there is sufficient protection in the respective country; if protection measures have been agreed upon (e.g. binding internal rules of the group or standard data protection clauses); the Data Subject has given a clear and informed consent for such transfer; the transfer is clearly required by an agreement entered into with the Data Subject; the transfer is not repeated, it concerns only a limited number of Data Subjects; it is necessary for protecting the legitimate interests of SendExpert which are not overridden by the interests, rights or freedoms of the Data Subject, and if all the circumstances related to the transfer have been assessed and suitable protection measures have been established to protect the Personal Data, or if there is some other legal basis therefor. SendExpert shall inform the Data Protection Inspectorate of the transfer based on a legitimate interest.
  7. Security of personal data processing
    1. SendExpert shall store the Personal Data strictly only for the minimum period required. In most cases SendExpert stores and processes data of the User during the entire period of existence of the User’s Personal Account on the website, in order to provide the services of bulk e-mail and SMS distribution by the SendExpert Service.The Personal Data with an expired storage period shall be destructed using the best practice and in accordance with the procedure established for this purpose by SendExpert.
    2. SendExpert has established guidelines and procedural rules for ensuring the security of Personal Data by both organisational and technical measures (see section 13: Important Documents, Guidelines and Procedures). Further information on the security measures taken by SendExpert can be obtained also from the Data Protection Officer of SendExpert.
    3. In case of an incident related to Personal Data, SendExpert shall take all necessary measures to mitigate the consequences and hedge any relevant risks in the future. Inter alia, SendExpert shall register all the incidents and shall inform the Data Protection Inspectorate and the Data Subject directly (e.g. by email) or in public (e.g. via the news) in prescribed cases.
    4. The SendExpert cannot guarantee security of data of the User during transfer of such data via the Internet and services of third parties which are beyond control of the SendExpert. Any transfer of data via the Internet involves certain risks. Such risks are fully borne by the User who provides the data.
  8. Processing of the personal data of children
    1. The Services of SendExpert, including the information society services, are not targeting Children.
    2. SendExpert does not knowingly collect any information on persons under 16 years of age.
    3. In case SendExpert finds out that it has still collected Personal Data from a Child or regarding a Child, SendExpert shall use its best efforts to discontinue the Processing of the respective Personal Data.
  9. Rights of data subjects
    1. Rights related to consent:
      1. A Data Subject will always be entitled to inform SendExpert about his or her wish to withdraw the consent for the Personal Data Processing.
      2. You will be able to view, change and withdraw your consents given to SendExpert on the Personal Account or by contacting SendExpert. The contact details are set out in section 14 of this Privacy Policy.
    2. Rights of Data Subject may vary if Data Subject is not from EU or located there. A Data Subject has also the following rights upon Personal Data Processing:
      1. Right to receive information i.e. the right of a Data Subject to receive information regarding the Personal Data collected about him or her. A Data Subject will be able to receive information from the Personal Account where also additional information regarding the exercising of one’s information rights can be found or by contacting SendExpert (see contact information in section 14).
      2. Right of access to data which, inter alia, includes the right of a Data Subject to a copy of the Processed Personal Data. A User will be able to examine, inter alia, the Personal Data collected by SendExpert on the Personal Account (see section 13: Important Documents, Guidelines and Procedures).
      3. Right to rectification of inaccurate Personal Data. A Data Subject will be able, inter alia, to correct inaccurate data also on his or her Personal Account (see section 13: Important Documents, Guidelines and Procedures).
      4. Right to erasure of data i.e. in certain cases a Data Subject will be entitled to demand the deletion of Personal Data, for example if the Processing is carried out only on the basis of a consent.
      5. Right to demand restriction of Personal Data Processing. This right is created, inter alia, in case the Personal Data Processing is not permitted under law or if the Data Subject challenges the accuracy of the Personal Data. A Data Subject will be entitled to demand the restriction of the Personal Data Processing for a period enabling the processor to check the accuracy of the Personal Data or if the Personal Data Processing is unlawful but the Data Subject does not request the deletion of the Personal Data.
      6. Right to data portability i.e. a Data Subject shall have, in certain cases, the right to receive the Personal Data in a machine-readable format, and to take these data along or transfer them to another controller.
      7. Rights related to automated Processing mean, inter alia, that a Data Subject will have the right to object, on grounds relating to his or her particular situation, at any time to Processing of Personal Data concerning him or her, based on automated decision-making. For the avoidance of doubt - SendExpert may Process Personal Data for automated decision-making promoting its business (i.e. for segmentation of Visitors in marketing context, and for sending them personalised messages, in the context of commencement of an employment relationship, and in order to ensure that our employees shall adhere to our internal security regulations). Automated Processing may include also data collected from public sources. You have the right to avoid any decisions based on automated Personal Data Processing if they can be classified as profiling;
      8. Right to the assessment of a supervisory authority on whether the Processing of the Personal Data of the Data Subject is lawful;
      9. Compensation for damage.
  10. Exercising of rights and filing of complaints
    1. Exercising of rights. A Data Subject will be entitled to address SendExpert or the Data Protection Officer of SendExpert using the contact details set out in section 14 in case of any question, request or complaint related to Personal Data Processing. SendExpert encourages Data Subjects to use also the Personal Account and the form created namely for the purpose of receiving an initial response to any issues related to their Personal Data (see section 13: Important Documents, Guidelines and Procedures).
    2. Filing of complaints. A Data Subject will be entitled to address a complaint to SendExpert and the Data Protection Officer of SendExpert, to the Data Protection Inspectorate or to a court if the Data Subject is of the opinion that his or her rights have been infringed in Personal Data Processing. The contact details of the Data Protection Inspectorate are available on the website of the Data Protection Inspectorate: Contact details for data protection authorities in the EEA are available here.
  11. Cookies and other web technologies
    1. SendExpert may collect data regarding the Visitors of the Websites and other information society services by using Cookies for this purpose (i.e. small pieces of information stored by the Visitor’s browser on the hard disk of the computer of any other device of the Visitor) or other similar technologies (e.g. IP address, equipment information, location information) and process these data.
    2. SendExpert uses the collected data to enable the provision of the Service in accordance with the habits of a Visitor or User; to ensure the best Service quality; to inform the Visitor and User about the contents and give recommendations; to update advertisements and make marketing efforts more efficient; and to facilitate logging in and protection of data. The collected data shall also be used for counting the Visitors and recording their using habits.
    3. SendExpert uses session Cookies, persistent Cookies and advertising Cookies. A session Cookie is deleted automatically after every visit; persistent Cookies shall remain upon repeated use of the Website, and advertising Cookies and third party Cookies are used by the Websites of the partners of SendExpert which are connected with the Website of SendExpert. SendExpert does not control the generation of those Cookies, therefore information on these Cookies can be obtained from third persons. Further information on Cookies is available in the explanatory materials (see section 13: Important Documents, Guidelines and Procedures).
    4. As to the Cookies, Visitors agree with the use of Cookies on the Website, in information society service devices or the web browser.
    5. Most of the web browsers allow Cookies. Without fully allowing Cookies, the functions of the Website are not available to a Visitor. The allowing or prohibiting Cookies and other similar technologies shall be under the control of a Visitor via the settings of the Visitor’s own web browser, settings of the information society service and platforms for making such privacy more efficient (see section 13: Important Documents, Guidelines and Procedures).
    6. The Website uses Google Analytics and Yandex.Metrica systems.
  12. Special provisions for SendExpert products/services
    1. Creation of Bulk Distribution List. Bulk Distribution List can be created in different ways, for example, importing contacts through a CSV or directly from User’s email list. User’s Bulk Distribution Lists are stored on a SendExpert’s secure server either in EU or in certain cases outside EU. We do not sell User’s Bulk Distribution Lists. If someone on Client’s Bulk Distribution List contacts us, we might then contact that person. Users have the right to export (download) their Bulk Distribution Lists from SendExpert at any time. In case we detect abusive or illegal behaviour related to User’s Bulk Distribution List, we may share that Bulk Distribution List or portions of it with affected ISPs or anti-spam organizations to the extent permitted or required by applicable law.
    2. SendExpert’s business model is built in a way that SendExpert often processes Personal Data on behalf of Users, meaning SendExpert is processor of data (in the sense of General Data Protection Regulation art 4 (8)). As a result, for much of the Personal Data we collect and process through the Services, we act on behalf of our Users. SendExpert is not responsible for the privacy or security practices of our Users, which may differ from those set forth in this privacy policy. In cases where SendExpert is data controller (General Data Protection Regulation art 4 (7)) this Privacy Policy is adhered to.
    3. Provisions in relation to public information and third party websites:
      1. Blog or communities in social networks. SendExpert has public blogs on our Websites. Any information included in a comment on blog may be read, collected, and used by anyone. If Personal Data appears on blogs or on SendExpert Websites and Data Subject wants it to be removed, contact SendExpert (for contact information see section 14 of this Privacy Policy). There can be cases where the SendExpert is not able to delete some data of the User. In such cases the SendExpert answers to the User and explains the reasons for impossibility to delete the data within a reasonable period.
      2. Social media platforms and widgets. SendExpert Websites include social media features, such as the Facebook Like button. These features may collect information about your IP address and which page you are visiting on our Website, and they may set a cookie to make sure the feature functions properly.
      3. Links to third party websites. SendExpert Websites include links to other websites, whose privacy practices may be different from ours. If Personal Data is submitted to any of those sites, Data Subject’s information is governed by their privacy policies. Please read the privacy policy of any website you visit.
      4. Promotions. SendExpert may sometimes offer surveys, contests, sweepstakes, or other promotions on our Websites or through social media.
    4. Choices and Opt-Outs. Data Subject can opt out of receiving marketing emails from SendExpert at any time. Data Subject can opt out of marketing emails by clicking the ‘unsubscribe’ link at the bottom of marketing emails.
      1. Also, all opt out requests can be made by contacting SendExpert (for contact information see section 14 of this Privacy Policy). Please note that it may take us few days to remove contact information from SendExpert’s marketing lists.
      2. However, some communications for example, service messages, account notifications, billing information, are considered necessary for account management or fulfilling legal agreement and it is not possible to opt-out of these messages.
  13. Important documents, guidelines and procedures
    1. The Privacy Policy of SendExpert shall be implemented on the basis of the following documents, guidelines and procedures:
      1. Personal Account, through which a Data Subject will be able to access to his or her Personal Data held by SendExpert, correct and change them, and exercise other rights deriving from law and this Privacy Policy;
      2. All About Cookies (in English): Descriptions of cookies and other web technologies used by SendExpert;
      3. Your Online Choices; About Ads; Network Advertising, (in English): the platform of controlling and monitoring of cookies and other web technologies, where Data Subjects themselves can change and control how their Personal Data are used and collected.
  14. Contact details and information
    1. The contact details of SendExpert that are important for a Data Subject: Regarding Personal Data issues, SendExpert and its Data Protection Officer can be contacted by e-mail [email protected].
  15. Other terms and conditions
    1. SendExpert will be entitled to unilaterally amend this Privacy Policy. SendExpert shall inform Data Subjects about amendments on the website of SendExpert, by e-mail or by other means. SendExpert recommends to review Privacy Policy published on the website from time to time in order to be aware of the version of the Privacy Policy currently in force.
    2. The latest updates 30.01.2019.

Last updated 30.01.2019