Privacy Policy – EEA
Version 4.0 August 2, 2023
Who are we and how can you contact us?
This privacy notice aims at giving you information on how your personal data are processed by Maestra B.V. or Mindbox USA LLC (whichever is applicable). In this notice, we refer to ourselves as ’we’, ’us’ and ’our’.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us using:
our email:
dpo@maestra.io
The policy extends to:
-
our email
-
our product
-
our website
What data, for what purposes, on what basis, and for how long do we process?
-
Our internal operations. We act as a controller in the
-
following processings Sales
-
Company name
Phone number
DigitalOcean LLC
Company name
Phone number
Google LLC
Pipedrive OÜ
Company name
Phone number
Google LLC
Pipedrive OÜ
Date of communication
History of communication
Pipedrive OÜ
Complaint
Atlassian Pty Ltd
-
Contract conclusion, payment processing and reporting
Payment amount
Status of payment
Company name
Date
Xero Limited
Payment amount
Status of payment
Company name
Date
Xero Limited
Phone number
Position of an employee
Company name
Document authorizing to act on behalf of the company
Signature
Payment amount
Phone number
Position of an employee
Company name
Document authorizing to act on behalf of the company
Signature
Payment amount
Pipedrive OÜ
Xero Limited
Google LLC
Phone number
Position of an employee
Company name
Document authorizing to act on behalf of the company
Signature
Payment amount
Pipedrive OÜ
Google LLC
DocuSign Inc.
Position of an employee
Company name
Payment amount
Selected modules
Position of an employee
Company name
Payment amount
Date
Status of payment
Number of an invoiceHelp customers complete transactions
Xero Limited
Complaint
Google LLC
Atlassian Pty Ltd
Payment amountManage customers’ complaints
Pipedrive OÜ
Google LLC
-
Security
Access level
Internal ID (employee)
Event data (login, wrong password, project change)
Microsoft
Corporation LLC
Leaseweb
Deutschland
GmbH
Amazon Web Services
Username
Access level
Microsoft
Corporation LLC
Leaseweb
Deutschland
GmbH
Amazon Web Services
-
Project Maintenance
Phone number
Company name
Position of an employee
Pipedrive OÜ
Company name
Microsoft Corporation LLC
Leaseweb
Deutschland
GmbH
Amazon Web Services
Selected modules
Name
Request
Company name
Atlassian Pty Ltd Google LLC
Intercom, Inc.
37signals LLC
Complaint
Google LLC
Atlassian Pty Ltd
Recording of the meeting if requested
Google LLC
Zoom Video Communications, Inc.
Selected modules
Google LLC
-
Marketing
Location (country or town)
OS type and version Browser type and version
Type of device and its display resolution
Traffic source for the visitor OS and browser language
Which buttons are being clicked
What pages are being opened
Google LLC
Meta Platforms, Inc.
LinkedIn Corporation
Company name
Position of an employee
Photo
Feedback
Digital Ocean LLC
Aut O’Mattic A8C Ireland Ltd.
-
Machine Learning
Average open rate
History of customert’s interaction with products, newsletters, etc.
Microsoft Corporation LLC
Leaseweb
Deutschland GmbH
Amazon Web services
-
Maestra software. We process data on behalf of the customer and act as a processor in the following processings
-
Client profile maintenance
PurposeDataData recipientsCreating a client (customer) profile in CDPMaestra ID (customer)
Name
Email
Phone numbe
IP address
Sex
Date of birth
Type of device and its display resolution
Additional info (from the comments field)
Extra fields added by customer
Browser type and version
Location (country or town)
Registration dateMicrosoft
Corporation LLC
Leaseweb
Deutschland GmbH
Amazon Web servicesCreating an employee account in the systemLogin
Password
Internal ID (employee)Microsoft Corporation LLC Leaseweb Deutschland GmbH
Amazon Web ServicesAccess distribution for customert’s employeesEmail
Login
Access level
Internal ID (employee)Microsoft Corporation LLC Leaseweb Deutschland GmbH
Amazon Web ServicesLogging customer logins and employee actionsLogin
Time of the
login Internal ID (employee)
Actions with client’s data (editing, deletion, merging of the profiles etc.)Microsoft Corporation LLC Leaseweb Deutschland GmbH
Amazon Web ServicesAuthorization of userLogin
Password
Phone number
Internal ID (employee)Microsoft Corporation LLC Leaseweb Deutschland GmbH
Amazon Web Services
-
-
Data collection of customer’s clients
Phone number
App ID
Web ID
Maestra ID (customer)
Order number
Bank card cash
Amazon Web Services
Which buttons are being clicked
Whether the emails have been read (opening rate)
Orders history
Product lists
Information about the loyalty program
Maestra ID (customer)
Information about the lead form where the request was left
Whether the customer is logged in to the site Loyalty card activation
Bonuses accrual
Viewing product categories
Viewing product
Subscription status
Other actions
Amazon Web Services
Maestra ID (customer)
Phone number
IP address
Sex
Age
What pages are being opened
Which buttons are being clicked
Whether the emails have been read (opening rate)
Orders history
Product lists
Information about the loyalty program
Whether the customer is logged in to the site Loyalty card activation
Bonuses accrual
Viewing product categories
Viewing product
Subscription status
Other actions
DeviceUUID
Amazon Web Services
Maestra ID
Amazon Web Services
Company name
Phone number
Information about the lead form where the request was left
Amazon Web Services
Albato Limited
Maestra ID (customer)
Subscriptions
Amazon Web Services
Amazon Web Services
Amazon Web Services
-
Newsletters and push-notifications
Subscription status
Behavioral trigger
Order/delivery status
Name
Date of birth
Amazon Web Services
Phone number
Subscription status
Amazon
Web
Services
SMS newsletters providers
Mobile operators
Filter indicated by the client
Clicks on the push
Device settings concerning sending mobile pushes
Sender ID
ID of the project in the firebase
Secret key
Tracker (configuration of parameters of service worker and firebase)
Apple Push Notifications
Push Kit (Huawei)
Firebase Cloud Messaging (Google LLC)
Amazon Web Services
Filter indicated by the client
Clicks on the push
Whether the browser allows to send push
Token (if the browser allows to send push)
Sender ID
ID of the project in the firebase
Secret key
Tracker (configuration of parameters of service worker and firebase)
Corporation LLC
Leaseweb
Deutschland GmbH
Google LLC
Amazon Web Services
Segment
Phone number
Sex
Date of birth
Surname
Name
Region
City Index
Corporation LLC
Leaseweb
Deutschland
GmbH
Amazon Web Services
Media S.à r.l.
Microsoft
Corporation LLC
Leaseweb
Deutschland
GmbH
Amazon Web Services
-
Personalisation
Amazon Web Service
Name
Subscription status
UTM-tags
URL from which new lead was obtained
Domen
City
City ID
Date and time of creation
Number of purchases
Orders history
History of client’s interaction with products, newsletters, etc.
Time spent on the website
Bonuses accrual
Phone number
Promocode
History of website visits
Type of device and its display resolution
Commentaries left in the form
Items in the shopping bag
Traffic source for the visitor
Actions on the website page
Amazon Web Services
Segment
Phone number
Sex
Date of birth
Surname
Name
Region
City Index
Amazon Web Services
Customer’s database
Amazon Web Services
Amazon Web Services
Phone number
Orders history
Order amount
Amazon Web Services
Segment
Maestra ID (customer)
Phone number
IP address
Sex
Age
What pages are being opened
Which buttons are being clicked
Whether the emails have been read (opening rate)
Orders history
Product lists
Information about the loyalty program
Other actions
Amazon Web Services
-
Reports generation
Which buttons are being clicked
Whether the emails have been read (opening rate)
Amazon Web Services
Openings of the newsletter
Name of the newsletter
Newsletter campaign
Newsletter channel
Newsletter type
Tag
Brand
Conversions
Unsubscribtions
Revenue
Orders
Brand Date of subscription
Whether client is registered on the chosen channel
Average
Open rate
Average Click rate
Orders history
Age
Sex
Region
Segment
Viewing product
Viewing product categories
Information about the loyalty program
Amazon Web Services
Date of actions
Amazon Web Services
-
Modules operating based on machine learning
Viewing product
Viewing product categories
Actions with client’s lists
Behaviour of similar clients
Client’s actions with product categories
The list of clients most likely to buy products (tomorrow)
Product recommendations
History of client’s interaction with products, newsletters, etc.
Region
Web ID
Maestra ID (customer)
Amazon Web Services
Viewing product
Viewing product categories
Actions with client’s lists
Behaviour of similar clients
Client’s actions with product categories
The list of clients most likely to buy products (tomorrow)
Product recommendations
History of client’s interaction with products, newsletters, etc.
Region
Web ID
Maestra ID (customer)
Amazon Web Services
Average open rate
History of client’s interaction with products, newsletters, etc.
Name
Surname
Maestra ID (customer)
Distribution of the most appropriate time to send messages by days
Phone number
Brand
Contact point
Region
Amazon Web Services
History of client’s interaction with products, newsletters, etc.
Amazon Web Services
Where did we get your data from?
-
Browser
Your internet browser (such as Mozilla Firefox, Google Chrome, or Microsoft Internet Explorer) automatically transmits some information to us every time you access content on one of our internet domains. Examples of such information include the URL of the particular Web page you visited, the IP (Internet Protocol) address of the computer you are using, or the browser version that you are using to access the website.
-
Our customer
Out customers can upload their databases to our system, which will create a profile of you as a customer’s client. The customer should inform you about that in their privacy notice.
-
Directly from you
We may obtain personal data directly from you, e.g. when you contact us, when our cookies are enabled on the customers’ websites.
Cross-border transfer?
Information about these companies and their data protection practices:
Internal operations
-
Maestra
Maestra has sales, marketing, R&D, support, accounting team in Kazakhstan and Armenia.
They work in accordance with this Privacy Policy. The relevant agreements are used to ensure that your personal data are properly protected.
-
Xero limited
Xero is an accounting software. The recipient is located in New Zealand, which is considered by European Data Protection Board to provide adequate level of data protection. Relevant Privacy Policy.
-
Digital Ocean LLC
Diginal Ocean is a hosting for our website maestra.io. The recipient is located in the USA.
Relevant Privacy Policy of Digital Ocean LLC. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.
-
Google LLC
The services for internal data storage and communications is provided by Google LLC. Address: Google LLC, Google Data Protection Office, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
Relevant privacy policy of Google. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to Google to ensure that they are properly protected. For more information:click on this link .
-
DocuSign Inc.
We use DocuSign in order to sign the agreements with customers electronically. Address: 221 Main St., Suite 1000 San Francisco, USA.
Relevant privacy policy of DocuSign. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.
-
Atlassian Pty Ltd
To manage the tasks within our team, we use such tools as Trello and Slack. Some of your personal information (such as support request) may be processed within these tools.
Relevant privacy policy . Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.
-
37signals LLC
We use Basecamp provided by 37signals LLC located in the USA to manage our projects.
Relevant privacy policy . Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.
-
Zoom Video Communications, Inc.
The video conference calls services are provided by Zoom Video Communications, Inc. Address: 55 Almaden Boulevard, 6 th Floor, San Jose, California 95113, USA.
Relevant privacy policy of Zoom. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.
-
LinkedIn Corporation
The marketing services are provided by Linkedin Corporation. Address: 1000 West Maude Avenue Sunnyvale, CA 94085, USA.
Relevant privacy policy of Linkedin. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data.Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.
-
Meta Platforms, Inc.
The marketing services are provided
by Relevant privacy policy . Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard
-
Contractual Clauses are used to transfer your data to ensure that they are properly protected.
Maestra software
-
Maestra
Maestra has sales, marketing, R&D, support, accounting team in Kazakhstan and Armenia. They work in accordance with this Privacy Policy. The relevant agreements are used to ensure that your personal data are properly protected.
Maestra
-
Apple
If you are Maestra Customer and your clients use iPhone, when Maestra send mobile push notification to them, Apple Push Notification service (APNs) receives your clients’ data.
Relevant privacy policy . Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.
-
Push Kit
If you are Maestra customer and your clients use Huawei phone, when Maestra send mobile push notification to them, Push Kit, operated by Huawei receives your clients’ data.
Relevant privacy policy . Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.
-
Firebase Cloud Messaging
If you are Maestra customer and your clients use Andriod phone, when Maestra send mobile push notification to them, Firebase Cloud Messaging, operated by Google LLC receives your clients’ data.
Relevant privacy policy . Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.
-
Mobile operators
When we send SMS newsletters, some personal information may be collected by mobile operators. The customer chooses which mobile operator will be operating the processing.
-
SMS newsletter providers
When we send SMS newsletters, the customer may refer to the services of SMS newsletter providers and choose the appropriate one.
Where Maestra store Customer’s data
We store your data within the EU in order ensure that they are properly protected.
-
Microsoft Azure
Microsoft provides could services called «Microsoft Azure» where we store Customer’s data. We rent servers in the Eurozone, that is, your data is stored on the servers located in the EU.
Address: Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
Relevant privacy policy of Microsoft Corporation.
-
Amazon Web Services
Amazon provides could services called «Amazon Web Services» where we store customer’s data. We rent servers in the Eurozone, that is, your data is stored on the servers located in the EU.
Address: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg.
Relevant privacy policy of Amazon Web Services.
-
Leaseweb Deutschland GmbH
Leaseweb is a data center where we rent servers for storing customer’s data. We rent servers in the Eurozone, that is, your data is stored on the servers located in the EU.
Address: Leaseweb Deutschland GmbH Hanauer Landstraße 121 60314 Frankfurt am Main.
Relevant privacy policy of Leaseweb.
Automated decisions
Our customer can activate the module based on machine learning. We use machine learning to determine product recommendations and best time to send the materials.
Your rights
request information about the processing of your personal data obtain access to the personal data held about you
Under Article 15 of the GDPR, individuals have a right of access that gives them the right to obtain a copy of their personal data, as well as other supplementary information. It helps individuals to understand how and why companies are using their data, and check the lawfulness of the processing.
ask for incorrect, inaccurate or incomplete personal data to be corrected
Under Article 16 of the GDPR, individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed — although this will depend on the purposes for the processing.
request that personal data be erased when they are no longer needed or if processing is unlawful
Under Article 17< of the GDPR, individuals have the right to have personal data erased. This is also known as the ’right to be forgotten’. The right is not absolute and only applies in certain circumstances.
request the restriction of the processing of your personal data in specific cases
Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of their data.
receive your personal data in a machine-readable format and send them to another controller (’data portability’)
Under Article 20 of theGDPR, individuals have the right to data portability that gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits those data directly to another controller.
object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation
Article 21 of theGDPR gives individuals the right to object to the processing of their personal data at any time. This effectively allows individuals to stop or prevent you from processing their personal data.
request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to challenge the decision
withdraw your consent at any time
The GDPR gives a specific right to withdraw consent. You need to tell people about their right to withdraw, and offer them easy ways to withdraw consent at any time.
lodge a complaint with a supervisory authority
In accordance with Article 77 of theGDPR, you, as a data subject, have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place.If you have any questions about the protection of your personal data, you can contact us by using our email: