Your GDPR Rights (only for residents in Europe)
Controller
The protection of your personal information is a top priority for 1&1 Mail & Media Inc. We adhere to the relevant data privacy laws and would like to provide comprehensive information about the handling of your data in the following notice. The responsibility for data protection lies with:
1&1 Mail & Media Inc.
100 North 18th Street Suite 400
Philadelphia, PA 19103
Data Protection Officer
Data Protection Officer of 1&1 Mail & Media Inc.
1&1 Mail & Media Inc.
100 North 18th Street Suite 400
Philadelphia, PA 19103
or e-mail: dataprivacy@corp.mail.com
Your Rights as a Data Subject
- According to the European General Data Protection Regulation (GDPR), every data subject has the right of access according to Article 15 GDPR,
- to rectification according to Article 16 GDPR,
- to erasure according to Article 17 GDPR,
- to restriction of processing according to Article 18 GDPR,
- to object according to Article 21 GDPR, and
- to data portability according to Article 20 GDPR.
- We will address your requests in accordance with the legal requirements.
- If you have any questions, please do not hesitate to contact our customer service.
- Moreover, you have the right to lodge a complaint with a data privacy supervisory authority (Article 77 GDPR).
You can also file a complaint with the supervisory authority in your country.
Click here to find the supervisory authority in your country
This is how you can exercise your rights:
Right of access by the data subject
In the customer self-care center of your mail.com account, you will find an overview of all your settings and data that you have stored with mail.com.
You can request further information from our customer help center and/or data protection officer using the contact details above.
Rectification, Erasure and Restriction of Processing
In your mail.com inbox under ‘My Account’, you can view your data and manage it yourself. If you have a contractual relationship with us, please understand that we save and process your data as required for the term of your contract. There may also be retention duties arising from legal requirements, for example commercial or tax law.
Revocation of Your Consent
You can revoke the granted consent at any time. This also applies to the revocation of declarations of consent that you provided to us before the entry into force of the EU General Data Protection Regulation, i.e. before May 25, 2018. Processing that took place before the revocation is not affected by this.
If you no longer wish to receive interest-based online advertising, you can revoke your consent using the Permission Management.
Objection
According to Art. 21 GDPR, you have the right to object to the processing of your personal data that is done on the basis of Art. 6 (1) (f) GDPR (data processing is necessary for the purposes of the legitimate interests).
Your Right to Data Portability
You have the right to receive your personal data in a structured, commonly used and machine-readable format, and you have the right to transmit this data to someone else. You have this right if the processing of your data is based on consent in accordance with Art. 6 (1) (a) GDPR, Art. 9 (2) (a) GDPR or a contract pursuant to Art. 6 (1) (b) GDPR. When exercising this right, you may also choose to have the affected data transmitted directly by us to another controller if this is technically feasible.
If you want to do it yourself, go to ‘My Account‘ where you will find the option of exporting your data under the item ‘Personal Data‘.
Right not to be subject to a decision based solely on automated processing
We do not use any automated decision-making as specified by Art. 22 GDPR which produces legal effects or significantly affects you.
Voluntary nature of the data provided
In cases in which data processing is based on your consent, you provide your data voluntarily and you can withdraw your consent at any time. However, in some cases, we need your information to provide our services in accordance with our GTCs, e.g. within the scope of mail.com Free Webmail, or to process this data in our legitimate interest (see next point).
Legitimate Interests
Occasionally, we also process the data of our customers on the legal basis of Art. 6 (1) (f) GDPR. When processing your data in this case, we may pursue the following legitimate interests:
- improve our products and/or services
- protect from abuse
- internal statistical purposes
Transmission of Data Abroad
Please note that this product is intended for an audience in the United States, and that the information is processed on servers located in the United States. The processing of the information therefore takes place in this territory.
We also transfer personal data in the following cases:
To our group companies for the following purposes:
- File data are transmitted to other group companies and a central file that is kept by United Internet AG, Montabaur, for the purpose of protecting all group companies. If there is a legitimate interest, this data will be made available to other group companies for a specific purpose, taking into account the customer's legitimate interests. You can view the names and locations of our group companies on the United Internet website.
- To third-party service providers in order to facilitate the services provided for us.
- This can include providers of services such as website hosting, data analysis, information technology and the provision of related infrastructure, customer service, e-mail delivery and other services.
- We may also use and disclose your personal data if it is necessary or appropriate, in particular if we have a legal obligation or a legitimate interest in this regard:
- To comply with applicable laws and regulations.
- This may include laws outside of your country of residence.
- To work with public agencies and government agencies.
- To answer a request or to provide information that we believe is important.
- These authorities can also be located outside of your country of residence.
- To work with law enforcement agencies.
- For example, to respond to inquiries or orders from law enforcement agencies or to provide information that we believe is important.
- Due to other legal bases.
- To assert our terms and conditions.
- To protect our rights, privacy, safety or property, or the property of our affiliates, you or others.
- In connection with a sale or a business transaction.
We have a legitimate interest in disclosing or transferring your personal data to third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or part of the company, all assets or shares (including in connection with bankruptcy or similar proceedings). Such third parties can include e.g. an acquiring company and its consultants.
The following information applies to e-mails and address book and calendar data, except in certain exceptional (and justified) cases, which we will describe in greater detail in the respective product category below.
Retention Periods
We only store your personal data as long as is necessary for the purpose or, if a longer retention period is concerned, as long as is required or permitted in accordance with applicable law. The duration of our business relationship with you (e.g. the period in which you maintain your account with us) or the fact that we must retain the data due to a legal obligation are decisive for this purpose.