POSTCROSSING, LDA. (hereinafter referred to as, Postcrossing) with tax number 513 308 016 and headquartered at Rua Elísio de Melo 28, 2, sala 20, 4000-196 Porto (Portugal) is a Portuguese company dedicated, among other activities, to the development and management of the web platform POSTCROSSING.COM (hereinafter referred to as, Platform).
Scope and coverage
Users can navigate through parts of the Platform without having to register, however, it is necessary to register to be able to make use of certain features, in particular those that enable the sending and receiving of postcards.
Personal data means any information in any nature and/or medium relating to an identified or identifiable person, directly or indirectly, in particular by reference to one or more specific elements, whether of their identity or their private life.
The collected personal data is an essential tool for users’ satisfaction and that personal data is processed in accordance with the applicable law and best practices. Postcrossing uses this data in an appropriate and expected way for the provision of its Platform services, namely, (a) to enable the services that facilitate the sending and receiving of postcards; (b) to setup the user accounts and profiles; (c) to improve the contents of the service; (d) to report news about the Platform; (e) to adapt the services to the needs of its users; (f) and, to allow the development of new features.
Postcrossing collects and processes personal data necessary for the provision of services, to its operations and Platform management, namely, username, name, email address, postal address, date of registration and of the last login and profile image.
When using the service, the Platform can automatically register in its servers general data, such as the type of browser, IP address and requested pages.
How data is collected
The data will be collected through forms and through the Platform's usage, after the user acknowledges the collection and consents to its processing, which is made according to the law. The collected data is stored on secure servers and will not be used, in any situation, for any purpose other than that for which consent was previously obtained.
Users and security
Postcrossing takes the security of personal information very seriously, and does its best to safeguard it. Keeping in mind the state of the art and the technical knowledge available, Postcrossing uses technical and organizational measures to protect personal data against destruction, accidental or unlawful loss, accidental alteration, disclosure or unauthorized access, within a level of security appropriate to the nature of the data being protected. However, Postcrossing cannot guarantee the total security of the information of its users' accounts against all possible situations of unauthorized access, hardware or software failures and other factors that may compromise the security of the information.
Users should make careful use of the Platform in order to prevent unauthorized access to their accounts and personal information, namely, by carefully selecting and protecting their passwords and limiting access to the devices through which they access the Platform.
Personal data will be stored and kept only for the lifespan of each user's account, and up to two (2) years after its termination, either by cancellation, suspension or lack of use of the Platform, as referred in the Terms of Service. This period is deemed to be sufficient for the purposes for which the personal data was collected. After this period, any personal data collected will be eliminated.
Users may update their personal data at any time through the account settings section of the Platform.
If the user is unable to update his personal data that way, they should contact Postcrossing via the proper contact form requesting this update, of which they will be notified by email as soon as it occurs.
Right of access
Data protection laws grant users the right to access their personal data at any time, as well as the right to oppose the use of the provided personal data. To this end, users should submit a written request through the proper contact form.
Users may eliminate their personal data at any time through the termination of their account on the Platform. However some of the personal data may be stored for a longer period of time, as detailed above.
Postcrossing uses statistical information gathering services, which collect anonymous information about the Platform’s usage, for example, time of visits, pages viewed and type of operating system used.
Disclosure to third parties
Postcrossing does not sell or rent personal data to third parties. However, sharing of personal data may occur under the following conditions:
- Postcrossing shares users’ postal addresses between users, in a restricted and controlled way, for the purpose of providing the postcard exchange related services of the Platform.
- Postcrossing may rely on third parties for the provision of certain services on its behalf, and these third parties may have access to some personal data. Postcrossing ensures that entities that have access to personal data are credible and offer high guarantees of protection, never transmitting more data than that which is necessary to provide the contracted service;
- Postcrossing may also transmit data to third parties regarding investigations, judicial enquiries and legal and/or administrative procedures, when ordered to do so by a court of law.
The Platform may contain links to other websites. These websites and the way they process collected information are the sole responsibility of their holders, and therefore, Postcrossing is not responsible for their privacy policies and/or practices.
In the event of any personal data being transferred to third-parties in countries which are not Member states of the European Union, Postcrossing will comply with the applicable legislation, in particular in regard to the adequate level of protection offered to personal data and the requirements for such transfers, not transferring personal data to jurisdictions that do not provide adequate safety and security guarantees.
Effective from: January 1, 2016