Privacy Policy
This Policy describes the principles of processing Personal Data that is submitted to Touchpoint or that otherwise becomes available to Touchpoint in connection with the use by the Clients and other users of the Website, Software, and Service.
This Policy is an agreement between the Clients and Touchpoint, which states how Personal Data submitted by the Clients is processed by Touchpoint on behalf of the Clients.
Please read this Policy carefully to understand the practices that Touchpoint applies regarding processing of Personal Data.
This Policy constitutes an integral part of the agreement entered into between the Clients and Touchpoint. By viewing the Website and/or using the Software and Service, the Clients confirm that they have familiarized themselves with this Policy, understood it, and agree to its terms.
This Policy also constitutes a data processing agreement between the Clients (as Controllers of Personal Data) and Touchpoint (as Processor of Personal Data) in the meaning of article 28 of GDPR (General Data Protection Regulation (EU) No 2016/679 of the European Parliament and Council).
Touchpoint shall be entitled to unilaterally review and amend this Policy from time to time. Therefore, Touchpoint advises to periodically review the Policy in the case of any changes to it. Continued use of the Website, Software, and Service means the consent to any such changes.
If the Client or other users do not agree with any or all terms of this Policy or any possible changes to it, then they should immediately close the Website and cease using the Software and Service.
Definitions
- Client(s) means a legal entity that registers for and uses the Touchpoint Service provided by Touchpoint.
- Content means email templates and related material (including HTML or text) created or uploaded by the Client while using the Service, which may in rare cases contain personal data.
- Data Subjects means all natural persons, whose personal data is submitted to Touchpoint by the Clients or by the natural persons directly in connection with using the Website, Software, and the Service
- GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
- Policy means this privacy policy of Touchpoint as amended from time to time.
- DPA means the data processing agreement between Touchpoint and the Client incorporated into this Policy.
- EU Standard Contractual Clausesmeans (i) the standard contractual clauses adopted by the European Commission on 4th June 2021 for the transfer of Personal Data to third countries pursuant to the GDPR; or (ii) such other standard contractual clauses that are approved by the European Commission for Controller to Processor transfers of Personal Data to a third country which has not received an Adequacy Decision.
- Personal Datameans (i) the standard contractual clauses adopted by the European Commission on 4th June 2021 for the transfer of Personal Data to third countries pursuant to the GDPR; or (ii) such other standard contractual clauses that are approved by the European Commission for Controller to Processor transfers of Personal Data to a third country which has not received an Adequacy Decision.
- Processingmeans any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Controllermeans the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
- Processormeans a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
- Transfermeans (i) a transfer of Personal Data from the Client to Touchpoint; or (ii) an onward transfer of Personal Data from Touchpoint to a subcontracted Processor or between two establishments of Touchpoint.
- Servicemeans the suite of online tools provided by Touchpoint for creating and exporting HTML email templates for marketing purposes, which includes AI functionalities powered by third-party providers.
- Touchpointmeans Textmagic AS, a private limited company registered in Estonia (registry code 16211377), providing the Touchpoint Service.
- Websitemeans the Touchpoint website www.touchpoint.com through which the Service is accessed.
Scope of Data Processing
- Touchpoint is a web-based platform for generating email templates. The Service is not designed for the processing or long-term storage of personal data. Touchpoint does not actively collect or store personal data through the Service, except in the limited instances described below.
- We act as a data Processor in relation to personal data submitted by Clients when using the Service. Clients as the Controllers are responsible for ensuring that such data has been collected and is processed in accordance with applicable laws, including having a legal basis and providing notice to data subjects.
What Personal Data Do We Process?
- We may process the following categories of personal data in connection with the Touchpoint Service:
- Client user account data– If you register for the Service, we may collect your company name, business email address, and billing information for account setup and administration.
- Recipient data (optional and Client-provided)– – Clients may enter or include email addresses of recipients as part of template content. This data is processed solely on the Client’s initiative and is not required for using the Service. The Client is acting as data Controller with regard to any recipient data.
- Content data (if applicable)– Clients may include names or other identifiers in template text fields. This data is stored temporarily and not actively accessed by Touchpoint.
- Technical and usage data– We collect usage logs, browser type, IP address, device data, and other metadata to monitor access, security and improve functionality.
Objectives of Processing of Personal Data
- Touchpoint processes the Personal Data upon:
- Usage of the Software and Service by the Clients, including when they submit to Touchpoint information about their clients (Touchpoint is acting as Processor);
- Communication between Clients and/or Data Subjects and customer support of Touchpoint in connection with the Website, Software, and Service (Touchpoint is acting as Controller).
- Touchpoint works closely with third parties (including, for example, business partners, information service providers such as AI service providers, email delivery providers, sub-contractors in technical, payment, and delivery Service, advertising networks, analytics providers, search information providers, credit reference agencies, large language model providers) and may receive Personal Data from them or submit the Client’s Personal Data to them for the purposes of providing the Service and performing the contracts entered into with the Clients.
- Touchpoint sends messages to the Clients by electronic means (e-mail or SMS) with information about improvements to the Website, Software and Service, new proposals, and developments (direct marketing). Touchpoint sends such messages to the contact details provided by representatives of the Clients at the moment of registration or updated later. The Clients confirm hereby and guarantee that contact details provided by representatives of the Clients are at all times company details of the Clients, but not personal contact details of representatives and therefore Touchpoint can use such contact details freely to send its marketing messages without any additional obstacles. The Clients may at any time unsubscribe from the newsletters by clicking on the corresponding specific link contained in each newsletter.
Legal Basis for Processing
Data Transfers and Access
- We restrict access to personal data to those who need it for service delivery and support, and limit transfers to third parties to what is strictly necessary for providing the Service. These transfers may include:
- Third-party service providers,such as hosting Service, payment Processors, analytics tools, and AI platforms (e.g., Claude API), who process data under our instruction and based on appropriate contracts;
- Public authorities,where required by applicable law, regulation, or binding legal process.
All third-party access is governed by appropriate data processing agreements that ensure such parties only process personal data in accordance with our instructions and applicable data protection laws.
Touchpoint does not sell or otherwise disclose personal data to unauthorised third parties. Any transfers carried out in the context of the Touchpoint Service remain limited, purpose-bound, and appropriately safeguarded.
International Data Transfers
- Touchpoint operates within the EEA and does not, in the normal course of providing the Touchpoint Service, transfer personal data to third parties or to countries outside the EEA. Any incidental data transfers that may occur through use of subProcessors (such as cloud hosting or AI service providers) are subject to appropriate safeguards.
- here such transfers are necessary, we ensure adequate protection of personal data through one or more of the following mechanisms:
- EU Standard Contractual Clauses (SCCs);
- Transfers to countries with European Commission adequacy decisions;
- their lawful mechanisms compliant with the GDPR.
It remains the Client’s responsibility, as the data Controller, to ensure that any personal data included in Content is lawfully collected, transferred, and processed in accordance with applicable laws. This includes ensuring that appropriate data subject notices and consents are in place when required.
Data Retention
- We retain personal data only for as long as necessary to fulfil the purposes described in this Policy or as required by law.
- Personal data embedded in templates or provided through usage is stored temporarily for a maximum of 60 days and then deleted according to automated retention settings. Account-related data may be stored longer for tax or audit purposes.
- In case of closing an account, the Clients must accept the deletion of account data and Content.
- In case of closing an account, the Clients must accept the deletion of account data and Content.
Data Security
Your Rights
Cookies
- For information about our use of cookies, please refer to the "Use of Cookies" section in the Touchpoint Terms of Service.
Changes to This Policy
- We may update this Policy from time to time. Updates will be published on our Website with a new revision date. We encourage users to review it regularly.
Contact Information
- Should you have any questions regarding this Policy or the processing of Personal Data, you are welcome to contact Touchpoint with all such requests, inquiries or any complaints via e-mail: [email protected].
UPDATED: 20 May 2025