Other Policies 

Effective Date : 19-Aug-2019 

Acceptable Use Policy
We are committed to ensuring the highest level of service for its members. As part of that commitment, it is important that we all abide by this Acceptable Use Policy, thus preserving the highest reputation and deliverability of our service. Violation of this policy may lead to your account suspension or termination. Additionally, your accounts may be suspended or terminated pursuant to our Terms & Conditions for behavior, activities, or content that threaten our systems.

Prohibited Content
We may not be used to promote, market, exchange, store or produce offensive, illegal, harassing activities, or business that is likely to be flagged by spam agencies/filters. Prohibited content includes, but is not limited to:
i. Illegal goods or services
ii. Emails that violate CAN-SPAM Laws
iii. Pornography/sexually explicit content
iv. Escort and dating services or products
v. Pharmaceutical products
vi. Products involving unsubstantiated medical claims
vii. Opportunities that involve unsubstantiated income claims
viii. Gambling services or products
ix. Selling “Likes” or followers for a social media platform
x. Email advertisements for multiple companies all to the same list (sometimes known as “dedicated email ads” or “solo email ads”)

Content Subject to Scrutiny
While the following activities are not forbidden, they have a higher-than-normal likelihood of resulting in a loss in reputation/delivery. As a result, businesses engaging in these practices that cause or may cause a degradation in the service, we provide may be subject to throttling, suspension, or termination:
i. Online trading, day trading tips, or stock market related content
ii. Crypto currencies, virtual currencies or digital currencies
iii. Daily horoscope reports
iv. Mortgages and loans
v. Nutritional, herbal, and vitamin supplements
vi. Adult Entertainment/Novelty Items
vii. Real estate
viii. Services that support programmatically sending mail on behalf of third parties without creating or reviewing the content
ix. Multi-Level Marketing
x. Affiliate Marketing
Prohibited Actions
We may not be used in connection with any user content that involves, to any degree, any of the following:
i. False or misleading business opportunities, scams, or pyramid schemes;
ii. Health claims that have been determined to be false or misleading by a regulatory agency; illegal activities;
iii. Sales of drugs or pharmaceuticals;
iv. Sales of illegal products or services;
v. Pornography or sexually explicit content;
vi. Content that promotes or depicts human trafficking, child abuse, animal abuse, or which encourages or promotes abuse of alcohol, drugs or other substances, graphic or gratuitous violence, or people being injured, beaten, hurt, attacked, or humiliated;
vii. Content that is needlessly shocking to the senses, gratuitously gross, or which depicts or promotes accidents, death, hate speech attacking or demeaning a group based on race, ethnic origin, religion, disability, gender, age, and the like;
viii. Any use of the Software in connection with predatory behavior, including invasions of privacy, directed to other persons, particularly children, is not permissible and, will not be tolerated.
ix. Harvesting or scrubbing leads from directories, websites, forums, social media sites, etc. All leads must be acquired through a voluntary form fill-in, such as a registration form, a checkout form, etc.
x. Promoting affiliate links via commonly frowned-upon practices in the affiliate marketing industry including, but not limited to: cookie injection, spamming forums or social media, automated scripts, etc.
xi. Use, initiation, or implementation of any automated system, including without limitation, "robots," "spiders," or "offline readers," or “through”, or “with our software” in a manner that utilizes more resources from (a) the software, (b) any Enn Ram
xii. server or site, or (c) any third-party server or site, in a given period of time than a human can reasonably produce in the same period by using a conventional on-line web browser
xiii. The sending or distribution of unsolicited commercial email, use of malicious code, spyware, malware, Trojan horses and the like purchased lists (of any form), Rented lists (of any form), List brokers (of any form) 

GDPR: The EU Data Protection Law
General Data Protection Regulation (“GDPR”)

The GDPR is a unified regulation that supersedes and universalizes previous privacy laws in Europe, offering citizens and residents of the European Union (EU) greater transparency and controls over how their personal data is used by others. The GDPR requires the compliance of businesses which transact in Europe, or which facilitate transaction in Europe.

Controllers and Processors
There are two key roles defined in the GDPR with respect to personal data: Controller and Processor. The Controller is the business -- you. As a customer of us, you operate as the Controller when using our products and services. You have the responsibility for ensuring that the personal data you are collecting is being processed in a lawful manner pursuant to the GDPR and that you are using processors, such as our company, that are committed to handling the data in a compliant manner.
We are considered a Processor. We act on the instructions of the Controller (you), which come in the form of online or external (API) requests. Like Controllers, Processors have an obligation to explain what they do with personal data. However, as a Processor, we rely on you, the Controller of the data and our customer, to ensure that there is a lawful basis for processing.
Processors may, in the performance of their service, use other third-parties in the processing of personal data. These entities are known as sub-processors. For example, we leverage cloud infrastructure providers like PayPal, Paytm, Amazon Web Services, Rackspace, as well as other services like SendGrid.
With the implementation of the GDPR, we’re updating our privacy policy and End User License Agreements to include data processing sections that ensure that any business that requires a GDPR-compliant processor can use of our company products or services.
These documents are available as per GDPR guidelines goes into full enforcement time to time. Our legal team updates the policies as applicable time to time

Processing of Personal Data
In order to process personal data, you need a lawful basis for processing. There are several methods to establish a lawful basis for GDPR compliance, but the most likely mechanisms you will rely on when communicating with your customers and leads is one of the following:

1. Consent – Much of the GDPR revolves around the concept that your leads and customers have consented to you collecting their personal data, to you using (e.g. processing) their data, or to receiving communications. According to the ICO, the following criteria must be met to show valid consent:11.
A. Consent must be freely given. This means giving people genuine, ongoing choice and control over how you use their data.
B. Consent should be obvious and require positive action to opt in. Consent requests must be prominent, unbundled from other terms and conditions, concise, user-friendly, and easy to understand.
C. Consent must specifically cover the data Controller’s name, the purposes of the processing, and the types of processing activity.
D. Explicit consent must be expressly confirmed in words, rather than by any other positive action.
E. There is no set time limit for consent. How long it lasts will depend on the context. You should review and refresh consent as appropriate.
In short, under the GDPR (and it's a good idea in general), consent must be obtained by a “clear affirmative act”. In contrast to ‘clear affirmative acts’ pre-checked boxes or implicit consent are inadequate to establish consent.

If you are relying on consent as the lawful basis for processing data, the GDPR requires recorded evidence that consent has been given. You thus need in your business the ability to record proper consent for each customer and lead. When you enable the GDPR functionality with us, you could obtain your lead's consent at the point of opt-in, and that consent will be registered as a tag associated with that lead.

Note: we cannot control what you do with leads in an automated, API environment. You will need to ensure that, when we are acting as a sub-processor, that you use your main processors to ensure you are compliant with the GDPR. (If your main processor is not GDPR compliant, that could be difficult.)

2. Contract – In addition to consent, another lawful basis for processing data is if the processing of personal data is necessary for the performance of a contract. Password reset, billing notifications, and onboarding communication would likely fall under this lawful basis. In other words, if it’s a customer who transacts with you, there are certain processing tasks that must be undertaken for you to provide the service. Likewise, to keeps its commitments under its EULA and provide service to you, we must perform certain processing.

How We Use Personal Data
We are committed to full transparency in the handling and processing of your customers’ personal data that you control.
The User Data we collect: Name, Email, Phone, Address, Country, IP, and Username (if not a user, it's automatically generated).
we track the following activities: transactions, helpdesk tickets, memberships, associated lists, and associated sequences.
Data is stored or deleted at the Controllers' request. When a Controller ceases to be an active our customer, their accumulated data is retired to a storage cluster of servers with no front-facing access. After an arbitrary period, the data is deleted.

Data Subject Rights
Under the GDPR, EU data subjects are certain rights regarding their data. These include: The Right to Data Portability and the Right to Access. we offer tools to let you answer customer queries about what data you have collected through us and what's been done with it. Keep in mind, if you have collected personal data outside of our company, we have no knowledge or ability to answer queries regarding such data.

The Right to be Forgotten and The Right to Restriction of Processing
Have a lead or customer who wants their personal data out of your database? No problem! You can remove that contact from any list or sequence -- or even delete them entirely. However, transactional records will remain intact for bookkeeping purposes (though personal data will be redacted (e.g. ‘blacked out’ from view).
Unless otherwise required by law, if we receive any type of request from a data subject, we will engage the respective customer within seven working days to respond to the data subject request.

Data Processing Addendum
Our data processing addendum (DPA) to our End-User Licensing Agreement formalizes many of the details described on this site in specific legal language. As part of the EULA, the DPA will govern the terms by which our company, as a data processor, processes data on behalf of its customers (who are typically data controllers) in accordance with Article 28 of the GDPR. These include sub-processors engaged in delivering our services, countries through which the data is passed (cross-border protocol), security measures undertaken to ensure that your data is kept private , breach notification protocol

Does the GDPR impact businesses outside of the EU?
In many cases, yes. Even businesses that are not based in the EU are subject to the GDPR if they are collecting personal data on EU residents. Enforcement of the GDPR outside of the EU will be by EU authorities and it remains to be seen how aggressive they will be. Consult your own legal counsel but it is widely accepted that companies that collect personal data from EU residents will be subject to the requirements of the GDPR.

Does the GDPR require data to be stored in the EU?
The GDPR does not require that data processing (including storage of data) be limited to the EU. The EU-US Privacy Shield is one of several valid lawful mechanisms to transfer data between the EU and the US. In addition to Privacy Shield, our Data Processing Addendum includes the EU Model Clauses, which is also a valid mechanism for the lawful transfer of data between the EU, US and India.

How does the GDPR impact personal data collected before May 25th? Will I need to get consent for all my leads again?
The GDPR applies to all personal data, even if it was collected before May 25, 2018. As your business is preparing for the implementation of the GDPR, you should make sure you can properly audit the consent records for the EU-residing members of your email list, or that you can obtain and record evidence of consent going forward.

Do you have a Privacy Policy?
Yes! It contains information on our policies and efforts to comply with all applicable regulations and to guarantee the privacy of your data. It can be found in our legal section.

Do you have a Data Processing Policy?
Yes! Our Data Processing Addendum to our EULA contains the details of our data processing and how we work with Controllers and Sub-processors to comply with the applicable regulations and to ensure the privacy of your data. You can obtain a copy of the our DPA by making a written request by email to our Data Protection Officer.

Who is Our Data Protection Officer (DPO)?

Ennram DPO is: Ram Kannan
Email address: legal@ennram.com
In accordance with Article 38 of the GDPR, members of the public may contact the DPO regarding issues related to processing of their personal data and to exercise their rights under the GDPR – for example, to object to the processing of their data in cases where the data controller (i.e., our customer) does not provide an adequate response.

Is our company PCI Compliant?
We adhere to, and is audited annually for compliance with, the Payment Card Industry Data Security Standard, which is a rigorous data protection framework oriented towards the protection of payment card data.
Our most recent PCI DSS audit documentation is available upon request. Please contact legal@ennram.com if you require the documentation.

Feel free to reach out to us by emailing us at legal@ennram.com with any questions you may have.

Digital Millennium Copyright Act (DMCA)

Enn Ram Policy on Intellectual Property Rights

We have the utmost respect, value, and appreciation for intellectual property rights – its own intellectual property rights and those of others.

We do not permit copyright infringing activities and infringement of intellectual property rights using its websites, software, products, or services related to our products or services (collectively “the Sites and Software”). All such uses of the Sites and Software are violations of our EULA as our Acceptable Use Policy. As with any system where user-contributed content (“User Generated Content”) is present, we do not have the technological means to know in advance or to determine whether any given content is used with permission, under license, or is a ‘fair use’. To the extent technically feasible, where infringing content is found and identified on a server or other computer directly controlled by us. We will endeavor to assist copyright holders in protecting their rights under the Digital Millennium Copyright Act.

Procedure for Filing a Claim of Infringement Under the DMCA (“DMCA Take Down Notices”)

A. If you are a copyright owner or an authorized agent of such an owner with a good faith belief that any content used with the Sites and Software or included as part of any User Generated Content infringes upon your copyrights, you may submit a notification pursuant to the Digital Millennium Copyright Act ("DMCA") by providing our Copyright Agent with the following information in writing (see 17 U.S.C § 512(c)(3) for further detail):

1) identification of the copyrighted work you claim has been infringed, or, if multiple copyrighted works are covered by a single notification, a representative list of such works;
2) identification of the material that you claim to be infringing or to be the subject of infringing activity and that you believe must be removed, or access to which should be disabled, and information reasonably sufficient to permit us to locate the material;
3) information reasonably sufficient to permit us to contact you, such as an address, telephone number, and, if available, an electronic mail;
4) a verified statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and
5) a verified statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed;

6) a physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

You should send the Take Down Notice to our designated Copyright Agent, authorized to receive notifications of claimed infringement:

Copyright Infringement
10th Floor, 26 and 27, Raheja Towers, MG Road,
Bengaluru (BANGALORE) Karnataka India 560001
Email: legal@ennram.com

NOTE: only verified DMCA Take Down Notices should go to the designated Copyright Agent; any other feedback, comments, requests for technical support, and other communications should be directed to Enn Ram. You acknowledge that if you fail to comply with all the requirements of this Section 5(D), your DMCA Take Down Notice may not be valid and may not achieve the desired result. DMCA Take Down Notices that do not substantially comply with the foregoing requirements, which do not provide enough information for the allegedly infringing content to be located, or which lack the requirement verification may not receive a reply.

B. Upon receipt of a verified DMCA Take Down Notice that identified allegedly infringing content in the required manner, we will investigate and disable access to the allegedly infringing material. We will also notify its User of the Take Down Notice, and if we receive a Counter Notice that substantially complies with the requirements below, we may restore access to the content in question consistent with the procedures below and the provisions of the DMCA.

C. Counter-Notices
We understand that copyright holders are not always correct in their beliefs regarding infringement, even when requesting ‘take downs’ in good faith under the DMCA. If you believe that your content that was removed (or to which access was disabled) is not infringing, or that you have the authorization from the copyright owner, the copyright owner's agent, or pursuant to the law, to post and/or use the material in your content, you may send a Counter-Notice containing the following information to the designated Copyright Agent (see above):

1) identification of the content that has been removed or to which access has been disabled and the location at which the content appeared before it was removed or disabled;

2) a statement that you have a good faith belief that the content was removed or disabled as a result of mistake or a misidentification of the content;

3) your name, address, telephone number, and e-mail address, a statement that you consent to the jurisdiction of the jurisdiction of the Courts of Bangalore, Karnataka for India customers and a statement that you will accept service of process from the person who provided notification of the alleged infringement; and

4) your physical or electronic signature;
If a Counter-Notice is received by the Copyright Agent, we may send a copy of the Counter-Notice to the original complaining party informing that person that it may replace the removed content or cease disabling it in 15 business days. Unless the copyright owner files an action seeking a court order against the user, the removed content may be replaced, or access to it restored, in 15 (to 20) business days or more after receipt of the Counter-Notice, at our sole discretion.

© Copyright 2019 Enn Ram (aka) Ramadurai R Kannan- All Rights Reserved.