Updated 25.04.2018. Effective 25.05.2018.
About your rights to data privacy
Why we collect personal data
What types of user data is being processed
How user data is being processed
How user data is protected
Correspondence with Runbox staff
Runbox Solutions AS (“Runbox Solutions”), a company incorporated and located in Norway, provides users with email, web, and domain hosting services (the “Service”) governed by the Terms of Service.
In accordance with the regulations laid out in Norwegian and EEA data protection regulations (see Legal Basis further down) you have certain rights with regards to your User Data.
For example, you have a right of:
- Access: The ability to view collected data.
- Rectification: The ability to correct or update data.
- Restriction: The ability to restrict how data are processed.
- Erasure: The ability to delete stored data.
- Portability: The ability to receive and transmit stored data.
- Objection: The ability to object to the processing of data.
When registering an account with the Service you are asked to provide certain information, such as your name and contact information.
Some information is required in order for us to deliver the Service and fulfill our obligations to you, while other details may be given at your discretion and is marked as optional.
The information will also be used to customize the Service for you, to maintain the quality of the Service, for anonymous, statistical purposes, and to provide us with an alternate means of contacting or authenticating you if necessary.
The Service is subject to and compliant with the laws and regulations of the Kingdom of Norway, in particular the Personal Data Act (Norwegian), which implement the EU General Data Protection Regulation (GDPR).
None of the data collected through the Service is sensitive by the definition of the law, and therefore not subject to notification to the DPA.
In accordance with the recommendations from the DPA, Runbox Solutions has appointed an internal Data Protection Officer (DPO), whose main responsibility is to ensure that the company follows the privacy regulations specified in the Personal Data Act, Section 11.
The DPO also serves as liaison between Runbox Solutions and the DPA. Runbox Solutions’ DPO is authorized by the DPA, which allows Runbox Solutions to use the official Data Protection Officer logo.
The DPO can be contacted at firstname.lastname@example.org. Please do not use this address for any other purpose, and instead use these addresses for issues not relating directly to data privacy.
Account Information includes data entered when you registered with the Service, and may be displayed through the Service on the Account screen. These data can be exported to your own device and be used with another service as described on our Help page Exporting Your Data.
Main Accounts may view and change the Account Information of Sub-Accounts.
You consent to providing us with the following personal data when you register an account: First name, last name, company name (where applicable), mobile phone number (where applicable), country, and alternative email address. You may access and update this information at any time in the “Account” section in the Service. To revoke this consent you must terminate the Service, see Terms of Service section 4.
Upon registration you may also consent to receiving news and offers from Runbox. You can opt out of such communication by visiting the Account screen, or by contacting Runbox Support.
Your Account Information is stored on servers located in Norway for as long as your account is active and:
- up to 1 month after closure of trial accounts; or
- up to 5 years after closure of subscribed accounts, as financial records must be kept for 5 years according to the Norwegian Bookkeeping Legislation (Lov om bokføring).
Account Information can be deleted upon request after termination of the Agreement when permitted by Norwegian law. Usernames of accounts and aliases on domain names provided by Runbox is otherwise kept after termination to prevent your Runbox username from being registered by someone else, in order to protect your privacy and identity.
Backup of Account Information is stored on secure servers separate from the Runbox system for up to 6 months, even after the information has been deleted from the main storage.
Account Content includes any data associated with Webmail, Contacts, Files, etc. These data can be exported to your own device and/or another service as described on our Help page Exporting Your Data.
Email service content (data associated with Webmail, Contacts, and Files in the Service) is stored in main storage on servers located in Norway for as long as your account is active and:
- up to 3 months after closure of trial accounts; or
- up to 6 months after closure of subscribed accounts.
This is provided as a service to you in case you should decide to reactivate your account or wish to access your email if your subscription expires inadvertently. During this period your data will only be available if you resubscribe to the Service or request a data export via Runbox Support. You can however request to have your email data deleted (and your account terminated) immediately by contacting Runbox Support.
Backup of Account Content is stored on secure servers separate from the Runbox system for up to 6 months, even after the content has been deleted from the main storage, except for accounts that have activated the “No backup” feature more than 6 months prior to this. Backup of email metadata (sender, recipient, subject, date/time) is stored on secure servers separate from the Runbox system for up to 6 months, even after the information has been deleted from the main database.
In order to provide virus and spam protection, incoming and outgoing email might be automatically scanned. Additionally, automatic indexing of email contents occurs in order to provide email search facilities.
If you choose to use Runbox Web Hosting, the data you upload and your Runbox email address will be stored on the web hosting server which is located in the US (default) and in Norway. No personal data will be stored on the web hosting server automatically.
If you register a domain name via the Service, your personal data will be stored with the registrar and the registry in the US (default), Norway, or other countries depending on the Top-level Domain (TLD) and your preference. For details, please see our page Domains: How Your Details are Used.
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookies allows the website to “remember” your actions or preferences over time.
Your browser must be set to allow cookies in order to use the Service. The Service utilizes cookies to simplify the connection and data transfer between the client (your device) and the server (our web site).
- identify and remember users during sessions;
- remember users’ custom preferences and settings; and
- help users complete tasks without having to re-enter information.
For further details, please see our Help page Cookies and why we use them.
Basic information about your usage of the Service is logged on the servers for system administration purposes, to help diagnose problems, prevent abuse, keep our systems secure, and keep anonymous statistics in order to improve our services.
Server logs relating to email delivery are stored for 10 days, while server logs relating to usage of the web interface are stored for 1 month.
This information is securely stored on the same servers that our services run on. It is not sent to any other company, and we do not pass on statistics to anyone else.
Runbox Solutions’ hosting provider and ISP do not log any traffic to or from our servers.
We do not use web beacons. Web beacons are transparent pixel images that are used in collecting information about website usage, e-mail response, and tracking.
We do not utilize any third party tracking or statistics facility, which means that we do not share your usage patterns with anyone. Therefore it is impossible for any third party to approach you for instance with advertisements based on your usage of the Service.
We do not use any advertisements on our website, and we do not scan your email in order to display such ads on our website or elsewhere.
Runbox Solutions is formally both Data Controller and Data Processor, which means that Runbox Solutions controls how your User Data is Processed. Runbox Solutions is also the main Data Processor for your User Data and ensures that these data are Processed in accordance with applicable regulations. You are the owner of your User Data including any Personal Data Processed under the Agreement.
Runbox Solutions, by the Managing Director, is responsible for the Personal Data registered. This responsibility includes ensuring that Personal Data is Processed according to Norwegian laws and regulations.
Additionally we make use of the following categories of Data Processors:
Employees must sign contracts that include confidentiality clauses, policies, and procedures that safeguard security and privacy.
Staff and consultants residing outside EU/EEA and outside countries that are acknowledged by EU to have sufficient privacy regulations are governed by EUs Model Contract, Standard Contractual Clauses (SCC), or Contractual Clauses authorized by the Data Protection Agency.
Our systems management partner, Copyleft Solutions AS in Norway, is a Data Processor governed by a Data Processing Agreement compliant with the GDPR.
Third party services are provided by entities that are authorized by Runbox to process User Data for specific and optional purposes.
Please refer to Third party services for a list of optional third party services that may process your User Data.
Runbox Solutions will treat your User Data confidentially, and our employees, associates, and partners are under a duty of confidentiality to Runbox Solutions. We will not sell your User Data or exchange it with anyone, for marketing purposes or for any other reason.
Runbox Solutions ensures that internal policies and procedures are in place so that access to User Data is limited to personnel that require access to Process User Data under the Agreement.
Runbox Solutions will not disclose your Account Information, or access or disclose your Account Content, except with your written permission or unless acting under good faith that such action is necessary to:
- conform to legal requirements or comply with legal process pursuant to Norwegian law;
- protect or defend the rights or property of Runbox Solutions; or
- enforce the Terms of Service.
Runbox Solutions maintains appropriate administrative, technical and organizational safeguards to protect User Data from unauthorized or unlawful Processing, from accidental loss, destruction, or damage.
Your Account Information and email service data are stored on secure servers located in maximum security facilities. Your account username and password ensure that only you can log in to your account as long as you do not divulge your login details to anyone. Runbox Solutions will never ask you for your login details and you must never disclose these details to anyone.
No data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. Although Runbox Solutions strives to employ the strongest security technologies available we cannot warrant the security of any information you transmit to us, and we recommend encrypting your messages if you are concerned about email being intercepted in transit.
If you correspond with us via e-mail, the postal service, or other forms of communication, we will retain such correspondence and the information contained therein to more efficiently respond to any future inquiries. You may request that such communication be discarded upon termination of the Agreement.
Personal data that you disclose in support communication is at your discretion.
The information you submit through the contact form on our website will be transferred to our Support System.
Our Support System for inquiries is installed on a secure server in Norway. The support tickets are only accessible to authorized Runbox Staff and the person who submitted the ticket.
Please proceed to Contact us to do so.
Account Content: Email service content, i.e. data currently associated with Webmail, Contacts, and Files in the Service.
Account Information: The data entered when you registered with the Service.
Data Controller: The entity that determines the purpose and means of Processing of Personal Data.
Data Processor: The entity that processes Personal Data on behalf of the Data Controller.
Data Protection Laws and Regulations: Any data protection laws and regulations applicable to the processing of Personal Data under the Agreement, including the applicable laws and regulations of the European Economic Area, and Norway.
Data Subject: The individual to whom Personal Data relates. In this context, the Data Subject is you.
Main Account: An admin account that is not managed by another account, and that may manage one or more Sub-Accounts.
Personal Data: Any information relating to an identifiable or identified individual.
Processing, Processes or Process: Any operation or set of operations performed upon Personal Data whether or not by automated means, such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction.
Sub-Account: An account that is managed by a Main Account.
User Data: All data that you submit when using the Service.