<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
</head>
<body>
<p>To Whom It May Concern,</p>
<p>We are researchers at Princeton University conducting a study of how websites are implementing the EU and UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We are reaching out to you because this email address is provided as a contact on the website offlineimap.org.</p>
<p>Your website may be required to implement one or both of GDPR and CCPA, and we would appreciate if you would answer a few brief questions about your privacy practices.</p>
<p>1) Does offlineimap.org implement GDPR or CCPA? If not, could you please explain why? If you are uncertain about whether offlineimap.org is required to implement these laws or answer questions like ours, we have included informative resources at the end of this email.</p>
<p>2) If you implement GDPR or CCPA, do you process data access requests from individuals who are not residents of the EU or UK (for GDPR) or who are not residents of California (for CCPA)?</p>
<p>3) If you implement GDPR or CCPA, do you process data access requests via email, a website, or telephone? If via a website, what is the URL?</p>
<p>4) If you implement GDPR or CCPA, what personal information must a user submit for you to verify and process a data access request?</p>
<p>5) If you implement GDPR or CCPA, what personal information do you provide in response to a data access request?</p>
<p>Thank you in advance for your answers to these questions. If there is a better contact for questions about privacy practices on offlineimap.org, I kindly ask that you forward my request to them.</p>
<p>Sincerely,<br>
Ross Teixeira</p>
<p>----------</p>
<p>We offer these resources about GDPR and CCPA for your convenience. Please note that we cannot provide legal advice about whether offlineimap.org is required to implement these laws or respond to our questions like ours about GDPR and CCPA practices.</p>
<p>* Article 3 of the GDPR, which specifies coverage: <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e1455-1-1">https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e1455-1-1</a></p>
<p>* European Data Protection Board guidance on GDPR coverage: <a href="https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-32018-territorial-scope-gdpr-article-3-version_en">https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-32018-territorial-scope-gdpr-article-3-version_en</a></p>
<p>* California Attorney General guidance on CCPA coverage: <a href="https://oag.ca.gov/privacy/ccpa#sectiona">https://oag.ca.gov/privacy/ccpa#sectiona</a></p>
<p>* Section 1798.140 of the California Civil Code, which specifies the businesses that CCPA covers: <a href="https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.140.&nodeTreePath=8.4.45&lawCode=CIV">https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.140.&nodeTreePath=8.4.45&lawCode=CIV</a></p>
</body>
</html>