Privacy Policy

SantaMail Privacy and Data Handling Policy

 

At SantaMail, we take privacy and data handling seriously. This policy outlines how we collect, process, store, use, share, and dispose of data from our customers.

Data Collection

 

– We only collect personal data that customers voluntarily provide when placing an order, such as name, email, phone number, and delivery address. This allows us to fulfill and deliver customized orders.

– Customization information in the form of product options are also provided voluntarily by customers.

– We do not collect any other personal or tracking data.

Data Processing 

 

– Customer data is stored in an AWS RDS (Aurora/PostgreSQL) database hosted in the AWS cloud.

– Data is processed by authorized personnel using EC2 instances to generate order fulfillment files.

– Files contain only necessary customer data and are deleted after fulfillment.

Data Use

 

– We use customer data exclusively to fulfill and deliver orders and provide customized products. 

– Data is never sold or shared except with our fulfillment partner.

Data Sharing

 

– Customer name, address, and gift personalization is sent to our fulfillment partner to deliver completed orders.

– No other data sharing occurs.

Data Retention and Disposal

 

– Customer data is retained only as long as necessary to fulfill orders and for legal compliance.

– Data older than 1 year is disposed by permanent deletion and sanitization of databases and files. 

– Physical documents are crosscut shredded and recycled.

 

Please contact our Data Protection Officer at dpo@santamail.org if you have any other questions about our privacy and data handling practices.