EU-U.S. and Swiss-U.S. Privacy Shield Policy

Last updated: April 18, 2018

Simpler Postage Inc. (“EasyPost”, “we”, “our” or “us”) has certified compliance the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”). EasyPost adheres to the Privacy Shield Principles including the Supplemental Principles, (collectively, the “Privacy Shield Principles”) for Personal Data received from entities in the European Economic Area (the “EEA”) and Switzerland.

This EasyPost Privacy Shield Policy (“Privacy Shield Policy”) and the EasyPost Privacy Policy (“Privacy Policy”) describe the privacy practices that we implement for Personal Data received from the EEA or Switzerland in reliance on the Privacy Shield. This Privacy Shield Policy uses terms which are defined in the Privacy Policy.

If there is any conflict between the terms in this Privacy Shield Policy and the Privacy Shield Principles as concerns the Personal Data received under the Privacy Shield, the Privacy Shield Principles shall govern to the extent of the conflict. To learn more about the Privacy Shield program visit www.privacyshield.gov, and to view our certification, please visit www.privacyshield.gov/list.

Privacy Shield Principles

Notice and Choice

Our Privacy Policy describes how we use Personal Data we receive from different sources. This Privacy Shield Policy describes how we process Personal Data covered by the Privacy Shield.

In this policy, we refer to a user of one or more of our Services as "User", and customers of our users as "Customer". If you are a User, EasyPost acts as processor for you in relation to the Personal Data that you provide or make available to EasyPost. EasyPost does not have a relationship with your Customers. Therefore, the User is responsible for ensuring that Customers are provided with appropriate notice and choice with respect to their Personal Data.

EasyPost collects name and address information when Customers use our service. When individuals visit our website, we collect IP address information in order to provide you more relevant content.

Data Integrity and Purpose Limitation

We only collect Personal Data that is relevant to providing our Services. We process Personal Data compatible with us providing the Services or as otherwise notified to you. We take reasonable steps to ensure that the Personal Data received under the Privacy Shield is needed for EasyPost’s Services, accurate, complete, and current.

Accountability for Onward Transfers

EasyPost may disclose Personal Data to trusted third parties as indicated in the Privacy Policy. EasyPost requires that its agents and service providers that have access to Personal Data within the scope of this Privacy Shield Policy provide the same level of protection as required by the Privacy Shield Principles. We ensure that our agents process Personal Data received under the Privacy Shield in a manner consistent with our obligations under the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage. EasyPost recognizes its responsibility and potential liability for onward transfers.

We may need to disclose Personal Data in response to lawful requests by public authorities, for law enforcement or national security reasons, or when such action is necessary to comply with a judicial proceeding or court order, or when otherwise required by law. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personally identifiable information may be part of the transferred assets. You acknowledge that such transfers may occur, and that any acquirer or successor of EasyPost may continue to use your information as set forth in this policy without additional consent from you, provided such entity agrees to the provisions of this policy.

Data Security

We use reasonable and appropriate physical, electronic, and administrative safeguards designed to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data and the risks involved in processing that information.

EasyPost provides periodic training for its employees involved in the collection and dissemination of User Information. In addition, EasyPost’s internal policies and procedures provide for disciplinary action if our employees fail to follow this Privacy Policy. We periodically self-assess and review these internal policies and procedures to review compliance.

Access to Personal Data

Our Privacy Policy explains how you may access and/or submit requests to review, correct, update, suppress, or delete Personal Data. You can ask to review and correct Personal Data that we maintain about you by sending a written request to privacy@easypost.com. We may limit or deny access to Personal Data where providing such access is unreasonably burdensome, expensive under the circumstances, or as otherwise permitted by the Privacy Shield Principles.

When EasyPost acts on behalf of its Users, EasyPost will assist Users in responding to Customers exercising their rights under the Privacy Shield Principles.

If you are a Customer of a User, please contact the User directly with your request to access or limit the use or disclosure of your Personal Data. If you contact us with the name of the User to which you provided your Personal Data, we will refer your request to that User and support them in responding to your access request.

Recourse, Enforcement and Dispute Resolution

If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Privacy Shield Principles.

In the event we are unable to resolve your concern, EasyPost is committed to cooperating with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and will comply with the advice given by such authorities with regard to data transferred from the EU and Switzerland.

If a complaint cannot be resolved through these channels, under limited conditions, EU individuals may invoke binding arbitration before a Privacy Shield Panel of the U.S. Department of Commerce and the European Commission.

EasyPost is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).

Contact Information

If you have any questions regarding this Privacy Shield Policy, please contact us by email at privacy@easypost.com, or please write to the following address:

Simpler Postage, Inc. (dba EasyPost)
1 Montgomery Street, Suite 400,
San Francisco, CA 94104
Attention: EasyPost Legal

Changes to this Privacy Shield Policy

This Privacy Shield Policy may be changed from time to time, consistent with the requirements of the Privacy Shield and in accordance with the process described in the Privacy Policy. You can determine when this Privacy Shield Policy was last revised by referring to the “Last Updated” date at the top of this page.