Privacy Policy

Last updated: 03.04.2026

Version Two s.r.o. (hereinafter referred to as "operator" or "we") operates the Mailwell service – an email marketing platform available at mailwell.sk. The protection of your personal data is important to us. This privacy policy explains what data we collect, how we use it, with whom we share it, and what rights you have regarding its processing.

1. Operator

Version Two s.r.o.
Company ID: 51636549
Tax ID: 2120733417
Registered office: Bratislava, Slovak Republic
Email: podpora@mailwell.sk

2. What data we collect

2.1 Account data

When registering and using the Mailwell service, we collect:

  • First and last name
  • Email address
  • Company name (if provided)
  • Billing details (address, company ID, tax ID, VAT ID)
  • Login credentials (password is stored in encrypted form)

2.2 Subscriber data

As a Mailwell user, you upload your subscribers' contact data into the system – typically email addresses, names, and other custom attributes. We process this data solely based on your instructions as a processor (see section 4).

2.3 Engagement data

When sending emails through Mailwell, we automatically track:

  • Email delivery, opens, and reads
  • Link clicks in emails
  • Unsubscribes
  • Bounce notifications

2.4 Technical and operational data

  • IP address and browser information (user agent)
  • Platform usage data (page visits, interface actions)
  • Login and security event logs

2.5 Payment data

We process payments through Stripe. We do not store payment card numbers on our servers – this data is processed directly by Stripe in compliance with PCI DSS. We only retain a customer reference and transaction history.

3. How we use data

We use your personal data for the following purposes:

  • Service provision – operating your account, sending emails, managing subscribers, displaying statistics
  • Billing and payments – processing payments, issuing invoices, managing subscriptions
  • Communication – responding to your questions, sending service notifications, informing about service changes
  • Analytics and improvement – analyzing platform usage, identifying issues, developing new features
  • Security – protection against misuse, fraud detection, ensuring service integrity
  • Legal obligations – accounting, fulfilling regulatory requirements

4. Processing subscriber data – processor role

Regarding subscriber data that you upload to the Mailwell service, we act as a processor within the meaning of Art. 28 of the GDPR. You, as the service user, are the controller of this data.

This means that:

  • We process your subscribers' data solely based on your instructions and for the purpose of providing the service
  • We do not use your subscribers' data for our own marketing purposes
  • We do not sell or share your subscribers' data with third parties beyond what is necessary for service provision
  • We implement appropriate technical and organizational measures to protect this data
  • You are responsible for obtaining the appropriate legal basis (consent, legitimate interest, etc.) for processing your subscribers' data

5. Legal basis for processing

We process your personal data based on:

  • Contract performance (Art. 6(1)(b) GDPR) – processing necessary to provide the Mailwell service
  • Legitimate interest (Art. 6(1)(f) GDPR) – analytics, service improvement, security
  • Legal obligation (Art. 6(1)(c) GDPR) – accounting, tax obligations
  • Consent (Art. 6(1)(a) GDPR) – marketing communication, cookies (where required)

6. Data retention period

  • Account data – for the duration of your account and 30 days after its cancellation
  • Subscriber data – for the duration of your account; deleted within 30 days after account cancellation
  • Billing data – 10 years from the end of the accounting period (legal obligation)
  • Engagement data – 24 months from sending the respective campaign
  • Technical logs – maximum 12 months
  • Cookies – according to type (see section 9)

7. Your rights under GDPR

As a data subject, you have the right to:

  • Right of access – obtain confirmation of whether we process your personal data and request a copy
  • Right to rectification – request correction of inaccurate or incomplete data
  • Right to erasure – request deletion of your personal data if there is no legal reason for further processing
  • Right to restriction of processing – request restriction of processing under certain circumstances
  • Right to data portability – obtain your data in a structured, commonly used, and machine-readable format
  • Right to object – object to processing based on legitimate interest
  • Right to withdraw consent – withdraw consent to processing at any time if processing is based on consent
  • Right to lodge a complaint – lodge a complaint with the Office for Personal Data Protection of the Slovak Republic

You can exercise your rights by email at podpora@mailwell.sk. We will respond to your request within 30 days.

8. Third parties and subcontractors

We use the following subcontractors to provide the service:

  • Stripe – payment processing (USA, EU-US Data Privacy Framework certification)
  • Hosting providers – servers and infrastructure within the EU
  • Email delivery providers – SMTP infrastructure for sending emails to your subscribers

We have data processing agreements (DPA) in place with all subcontractors in accordance with Art. 28 GDPR.

9. Cookies

The Mailwell service uses cookies for the following purposes:

  • Essential cookies – ensuring service functionality, login, security (session, CSRF token). These cookies are necessary and cannot be rejected.
  • Analytics cookies – anonymous analysis of service usage for improvement purposes. We use these cookies only with your consent.

You can manage cookies in your browser settings. Please note that disabling essential cookies may limit service functionality.

10. Data security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Data encryption in transit (TLS/SSL)
  • Encryption of sensitive data in the database
  • Regular data backups
  • Restricting data access to authorized personnel only
  • Security event monitoring
  • Regular software and security patch updates

11. International data transfers

We primarily process your data on servers located in the European Union. In case of data transfers outside the EU (e.g., payment processing through Stripe), we ensure an adequate level of protection through standard contractual clauses (SCC) or European Commission adequacy decisions (e.g., EU-US Data Privacy Framework).

12. Changes to privacy policy

We may update this policy from time to time. We will notify you of material changes via email or a notification in the Mailwell service. By continuing to use the service after changes are published, you express your consent to the updated policy.

13. Contact

If you have questions about data protection or wish to exercise your rights, contact us:

Version Two s.r.o.
Email: podpora@mailwell.sk
Web: mailwell.sk