This privacy policy describes how Postmarc LLC and its affiliates may process your personal data when you use the Service. 

We may modify this privacy notice from time to time and will place any updates on this website.

 

Section 1.1 – Definitions 

For the purpose of this Privacy Policy following definition should be understood as it follows: 

- Postmarc or Postmarc LLC - Throughout the blog, the terms “we”, “us”, “our”, “Postmarc” refer to Postmarc; 

- Person – every legal or real person; 

- User – every person who access content of the Postmarc services, or/and any natural or legal person who, for professional or personal ends or otherwise, uses the services, in particular for the purposes of seeking information or making it accessible;

- Service – website, web page, Postmarc social networks profiles, pages, events and all other features which may be provided by social network providers, online services and all other services provided online or by electronic means; 

- Content – every text, picture, video, comment, visual material, combination of video, text and/or picture, names, contact details and personal data; 

- Web pages, blog, website, information service provider, information society service provider, online service providers or intermediary – is a fixation of a collection of literary works, which may also comprise other works or subject-matter and constitutes an individual item within a periodical or regularly-updated publication under a single title; 

  • Web pages, blog, website, information service provider, information society service provider, online service providers or intermediary for the purpose of this Privacy Policy are used interchangeably; 

- Commercial communication: any form of communication designed to promote, directly or indirectly, the goods, services or image of a company, organization or person pursuing a commercial, industrial or craft activity or exercising a regulated profession; 

- Technological measures - any technology, device or component that, in the normal course of its operation, is designed to prevent or restrict acts, in respect of works or other subject matter, which are not authorized by the rightholder of any copyright or any right related to copyright as provided for by law or the sui generis right provided in relevant law; 

- Relevant law – the law which may apply in the particular case; 

- Personal data - any information relating to an identified or identifiable natural person (‘data subject or user’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 

- Data subject – User whose personal data had/has been processing; 

- Processing - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 

- Profiling - any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements; 

- Pseudonymisation - the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person; 

- Recipient of personal data - a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. *However, public authorities which may receive personal data in the framework of a particular inquiry shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; 

- Restriction of processing - the marking of stored personal data with the aim of limiting their processing in the future; 

- Filing system - any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralized or dispersed on a functional or geographical basis; 

- Personal data breach - a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed; 

- Representative - a real person entitled to represent legal person; 

- Enterprise or affiliate - a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity; 

- Third party - a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data; 

- Consent - any freely given, specific, informed and unambiguous indication of the subject (user) wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Privacy Policy and/or processing of personal data relating to him or her; 

- Binding rules – Postmarc Privacy Policy, other relevant policies related to Postmarc service and policies which are adhered for transfers or a set of transfers of personal data or copyright or related rights to a legal or a real person in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity; 

- Disclosure – making available content to the third party or public authority. 

- Security – the process of implementing measures and systems designed to securely protect and safeguard information (business and personal data, voice conversations, still images, motion pictures, multimedia presentations, including those not yet conceived) utilizing various forms of technology developed to create, store, use and exchange such information against any unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby preserving the value, confidentiality, integrity, availability, intended use and its ability to perform their permitted critical functions; 

- Cookies – data specific to a particular user and website, and can be accessed either by the information service provider or the user computer; 

- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); 

- Privacy Shield - The EU-U.S. Privacy Shield Framework provides a method for companies to transfer personal data to the United States from the European Union (EU) in a way that is consistent with EU law; 

- Legal capacity – the quality of a natural or legal person necessary for their actions to have legal effect;

 

Section 2.1 General Provisions

This Privacy policy and any policies or operating rules posted by us on our Service or in respect to the Service constitutes the entire agreement and understanding between you and us and govern your use of our Service, superseding any prior or contemporaneous agreements, communications and proposals, whether oral or written, between you and us (including, but not limited to, any prior versions of the Terms of Service, Conditions and Terms or/and Privacy Policy). 

Postmarc offers its service, including all information, tools and services available from its Service to you, the user, conditioned upon your acceptance of all terms, conditions, policies and notices stated here. 

If you don’t understand language of the Privacy Policy do not access nor use our Service. Postmarc will not be liable for misused of the Service caused by illiterate or underage users. 

By visiting Postmarc Service, you engage in our “Service” and agree to be bound by the following Privacy Policy, including those additional terms and conditions and policies referenced herein and/or available by hyperlink. This Privacy Policy applies to all users of the Postmarc Service, including without limitation users who are browsers, vendors, customers, merchants, and/ or contributors of content. 

By accessing or using any part of the Service, you agree to be bound by this Privacy Policy. 

Accessing or using any part of the Service will be consider as a freely given consent to us and will be taken as an unambiguous indication and clear affirmative action to the acceptance of the Privacy Policy. 

This Privacy Policy lays down rules which are applicable to personal data protection and privacy policy on Postmarc Services.

 

Section 3.1. Cookie Policy 

Cookies consist of portions of code installed in the browser that assist us in providing the Service according to the purposes described.

The Service uses so-called "cookies" to offer you an extensive range of functions and to make the use of the websites more comfortable. Cookies are small text files that are stored on your computer with the help of your Internet browser. When you visit the website again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information.

If you do not want cookies to be used, you can prevent the storage of cookies on your computer by making the appropriate settings in your internet browser. This may limit the functionality and range of functions of the Service.

Postmarc Service may use Cookies to save the user's session and to carry out other activities that are strictly necessary for the operation of this Application, for example in relation to the distribution of traffic.

Postmarc uses Cookies to save browsing preferences and to optimize the User's browsing experience. Among these Cookies are, for example, to measure the popularity of the different sections of the Service, and to understand the way a user responds to the ads we deliver.

Cookies helps us keep track of how many times you view an ad we distribute, or which page is more popular. Likewise, the cookie can help make sure you do not see the same ad over and over and can also help us improve the Postmarc content and features based on users’ actual usage of the Service – thus enhancing your online Web viewing experience. If you refuse a cookie, you can still use Postmarc Service, but your experience may differ from those individuals using cookies.

By accepting the cookies, you are giving consent to Postmarc to use and process information relating to you, in particular all information collected by Postmarc Service cookies.

 

Section 1.5. Subscribing to newsletter 

By subscribing to Postmarc newsletter you are giving a consent to Postmarc to use, control and process information relating to your electronic mail and information you may provide within and to send you information regarding promotions, special offers, exclusive events, new product releases and publications.

 

Section 1.6. Data Privacy and Data Protection rules 

Point 1.1. General Provisions 

By accepting our Privacy Policy and by using our Cookies and our newsletter you are giving consent to Postmarc to use, control and process your personal data and to transfer your personal data to third party and public authority if necessary. 

When you browse our website or sign up with a newsletter, we may collect the personal information you give us such as your name and email address and all other personal data you may provide within. 

When you browse our Service, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. 

Email marketing: When subscribed to our newsletter, we may send you emails about our websites, Services and other updates. 

When you access our Service and provide us with personal data to complete a transaction, verify your credit card, place an order, you give us consent to our collecting it and using it for that specific reason only. 

If after you opt-in, you change your mind, you may withdraw your consent for us, for the continued collection, use or disclosure of your information, at anytime, by contacting us at info@postmarcny.com or mailing us at: Postmarc LLC, P.O. Box 562, Provincetown, Massachusetts, USA 02657. 

Point 1.2. Third-party services 

Postmarc will not be liable for personal data you may give to the third party by using payment methods. We will use Shopify’s payment feature that accepts the following payment methods:

Credit Card – VISA, Mastercard, American Express, Discover

  • Shopify Pay
  • Apple Pay
  • Google Pay
  • Amazon Pay
  • PayPal 

Be advice to consult third party personal data policy before placing an order. 

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. 

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we are not liable and be advice to read their privacy policies so you can understand the manner in which your personal information will be handled by these providers. 

In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So, if you select to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. 

Once you leave our store’s Service or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy. 

Point 1.3 – Redirections and links 

When you click on links on our Service, they may direct you away from our Service. We are not responsible for the privacy practices and/or Terms or Service of other sites and strongly advise you to read their privacy statements and terms of service. 

Point 1.4. Data Subject Rights – general provisions 

We will only collect your personal data for the purposes of providing you with the Service. 

Point 1.5. What personal that we may obtain and when 

We may obtain and process personal data when you use the Service, including: 

- Your name and contact details (e.g. salutation, first name and last name, email address, phone number, city and ZIP code, country of residence, nationality);

- Billing and Shipping information;

- Mobile phone number;

- Gender;

- Birthday;

- Income;

- Your account details (such as username and password);

- Your correspondence details if you contact us;

- Traffic data (such as your Internet usage); and

- Information on your use of the Service. 

Additional personal data may be collected should you wish to provide further information to better match data with the Service. 

All personal data provisions under the Service can be changed at any time and any unsolicited recommendations and voluntary information can be removed. 

Point 1.6. Purposes of processing 

We use information held about you in the following ways: 

  • To process and fulfill purchases, communicating about orders and their status, and personalizing the customer experience where possible,
  • To improve your shopping experience and transactions,
  • To respond to inquiries,
  • To offer you information, recommendations, and promotional material about the products and services you see on our Sites,
  • To provide you with an interactive social media experience that allows you to connect your social networking community to our Sites,
  • To develop a personal profile about you that combines personal information you have provided with personal information about you we have obtained from third parties,
  • To analyze the performance and functioning of our Sites,
  • To study how our customers, use our digital properties and to perform other market research,
  • To provide you with advertisements based on your interests,
  • To communicate marketing and promotional materials and other information that may be of interest to you. 

Point 1.7. Erasure and storage of data 

The use of the Service can be discontinued by us or you at any time. 

Your data will be completely and permanently erased until users exercise their right to be forgotten. 

Personal data that must be retained by us for legal reasons will be blocked in accordance with the applicable data protection regulations. 

Postmarc retains the right to store the personal data as long as it is necessary to improve user experience. 

Point 1.8. Rights of data subject 

For the purpose of this Section term Postmarc and term controller will be used interchangeable. 

The users have the right to request from Postmarc, access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. 

The user has the right to lodge a complaint with a supervisory authority. 

The data subject has the right to obtain from Postmarc, confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

- the purposes of the processing;

- the categories of personal data concerned;

- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

- the right to lodge a complaint with a supervisory authority;

- where the personal data are not collected from the data subject, any available information as to their source;

Point 1.9 – Right of access by data subject

The data subject has the right to obtain from Postmarc, confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

- the purposes of the processing; 

- the categories of personal data concerned; 

- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; 

- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; 

- the existence of the right to request from Postmarc, rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; 

- the right to lodge a complaint with a supervisory authority;

Postmarc may provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, Postmarc may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

The right to obtain a copy referred to in Section 1.6 – point 1.9 shall not adversely affect the rights and freedoms of others.

Point 2.1. - Right to rectification

The data subject has the right to obtain from Postmarc without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Point 2.2. - Right to erasure (“Right to be forgotten”)

The data subject has the right to obtain from Postmarc, the erasure of personal data concerning him or her without undue delay and Postmarc has the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws consent on which the processing is base and the data subject has given consent to the processing of his or her personal data for one or more specific purposes, the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person;
  3. data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited;
  4. the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing necessary for entering into, or performance of, a contract between the data subject and a data controller, is authorized by the law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or is based on the data subject’s explicit consent;
  5. the personal data have been unlawfully processed;
  6. the personal data must be erased for compliance with a legal obligation in state of the of establishment of the controller to which the controller is subject;
  7. the personal data have been collected in relation to the offer of information society services referred to the processing of the personal data of a child shall be lawful where the child is at least the age referral to the relevant law. Where the child is below that age, such processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility over the child.

Where Postmarc has made the personal data public and is obliged pursuant to paragraph 1 of this point to erase the personal data, Postmarc, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Paragraphs 1 and 2 of this point shall not apply to the extent that processing is necessary:

- for exercising the right of freedom of expression and information; 

- for compliance with a legal obligation which requires processing by the law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; 

- for reasons of public interest in the area of public health when processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of the law or pursuant to contract with a health professional and subject to the conditions and safeguards, and when processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of the law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy; 

- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with the law, for the rights and freedoms of the data subject. Those safeguards shall ensure that technical and organizational measures are in place in order to ensure respect for the principle of data minimisation. Those measures may include pseudonymisation provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or 

- for the establishment, exercise or defence of legal claims.

Point 1.8. - Right to restriction of processing

The data subject has the right to obtain from Postmarc, restriction of processing where one of the following applies:

  1. the accuracy of the personal data is contested by the data subject, for a period enabling Postmarc to verify the accuracy of the personal data;
  2. the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. Postmarc no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  4. the data subject has objected to processing pursuant to Point 2.2. - Right to erasure (“Right to be forgotten”) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted under paragraph 1 of this point, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the State law.

Data subject who has obtained restriction of processing pursuant to paragraph 1 of this point shall be informed by the controller before the restriction of processing is lifted.

Point 1.9. Notification obligation regarding rectification or erasure of personal data

or restriction of processing

Postmarc shall communicate any rectification or erasure of personal data or restriction of processing carried out when:

- The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement,

- The data subject exercises his/her right to be forgotten,

- The data subject exercises his/her right to restriction of processing,

to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Postmarc shall inform the data subject about those recipients if the data subject requests it.

Point 2.1. Right to data portability

The data subject have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

- the processing is based on the data subject consent which has given to the processing of his or her personal data for one or more specific purposes or the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where State law provide that the prohibition referred to processing of special categories of personal data may not be lifted by the data subject, or on a contract where processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

- and the processing is carried out by automated means.

In exercising his or her right to data portability pursuant to paragraph 1 of this point, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

The exercise of the right referred to in paragraph 1 of this Point shall be without prejudice to right to erasure (“right to be forgotten”). That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right referred to in paragraph 1 of this point shall not adversely affect the rights and freedoms of others.

Point 2.2. Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, the data subject may exercise his or her right to object by automated means using technical specifications.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to paragraph 3 point 4 of the Point 2.2. - Right to erasure (“Right to be forgotten”), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

 

Section 1.7. Compliance with the Principles of the EU-U.S. Privacy Shield Framework and General Data Protection Regulation 

Postmarc conducts effective privacy protection which includes robust mechanisms for assuring compliance with the Principles of the EU-U.S. Privacy Shield Framework in a way that is consistent with EU law and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

By using our Service, you are acknowledging that you have read all regulation listed above.

Postmarc collects only personal data necessary for maintenance of the Service which has been demanded by its users.

Section 1.8. Indemnification, Severability and Changes to the Terms of Service

Point 1.1. – Indemnification

You agree to indemnify, defend and hold harmless Postmarc and our parent, subsidiaries, affiliates, partners, officers, directors, agents, contractors, licensors, service providers, subcontractors, suppliers, interns and employees, harmless from any claim or demand, including reasonable attorneys’ fees, made by any third-party due to or arising out of your breach of this Privacy Policy or the documents they incorporate by reference, or your violation of any law or the rights of a third-party.

Point 1.2. Severability

In the event that any provision of the Privacy Service is determined to be unlawful, void or unenforceable, such provision shall nonetheless be enforceable to the fullest extent permitted by applicable law, and the unenforceable portion shall be deemed to be severed from the Privacy Policy, such determination shall not affect the validity and enforceability of any other remaining provisions.

Point 1.3. Changes to the Privacy Policy

Postmarc reserves the right to change its Privacy Policy at any time. You will only be notified either by email to your registered email address or by prominent posting on the Sites. It is your responsibility to make sure that you agree with the new Privacy Policy, whenever changes have been announced. Changes to the Privacy Policy will be effective 48 hours after the notice has been posted on the Service. If you do not agree with the Privacy Policy, do not use our Service.”