Privacy Policy

Privacy Policy

1&1 Mail & Media Inc. ("mail.com") has created this Privacy Policy in order to demonstrate our commitment to privacy to our customers and users of this website. This Privacy Policy governs the manner in which mail.com uses, maintains and discloses information collected from its customers and users of its website.

Key Terms:

• We, us, our: mail.com or 1&1 Mail & Media Inc.
• Data Protection Officer: Data Protection Officer of 1&1 Mail & Media Inc. (dataprivacy@corp.mail.com)
• Personal information: Any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular consumer or household.
• Sensitive personal information: Personal information revealing a consumer's social security number, driver's license and passport numbers, account numbers and credentials, precise geolocation, racial or ethnic origin, religious beliefs, or union membership, personal information concerning a consumer's health, sex life, or sexual orientation, contents of a consumer's mail, email and text messages where the business is not the intended recipient, genetic data, and biometric information.
• Biometric Information: An individual’s physiological, biological, or behavioral characteristics, including information pertaining to an individual’s deoxyribonucleic acid (DNA), that is used or is intended to be used singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

Children

mail.com does not knowingly collect personal information from customers under 18. mail.com understands, however, that parents, guardians, or other adults often register our products for family use, including use by minors. Because some information is collected electronically, it may appear to be that of the registered mail.com customer, and will be treated as such by this Privacy Policy. If we learn that a customer under the age of 18 has submitted personal information to mail.com we will attempt to delete the information as soon as possible.

Information We Collect

mail.com may request or collect personal information from online users in a variety of ways, including through online forms for ordering products and services, and other instances where users are invited to volunteer such information. The data we collect is information that identifies you personally. In the preceding 12 months, we have collected the following categories and specific types of consumer personal information:

• Your name
• Gender
• Date of Birth
• Postal address
• E-mail address
• Telephone number
• Credit card information
• Other billing information

We save this information so that it can be available to you to be used for such purposes as customer authentication.

You can modify your personal information at any time by logging in to your account at mail.com and navigating to My Account -> Personal Data.

To delete your account in its entirety, please navigate to My Account and follow the instructions under “Delete Account.” For more information on managing your account see the help section in your mail.com account. mail.com may also collect information about how users access the website using a tracking ID unique to each user through the use of cookies.

What are Cookies?

A cookie is a piece of data stored on the user's computer tied to information about the user. We may use both session ID cookies and persistent cookies. Third parties may also be placing and reading cookies on your browser, or using web beacons to collect information in the course of advertising being services on our website. For session ID cookies, once you close your browser or log out, the cookie terminates and is erased. A persistent cookie is a small text file stored on your computer’s hard drive for an extended period of time. Your browser’s help file contains information and instructions for removing persistent cookies. Session ID cookies may be used by mail.com to track user preferences while the user is visiting the website. They also help to minimize load times and save on server processing. Persistent cookies may be used by mail.com to store whether, for example, you want your password remembered or not, and other information. Cookies used on the mail.com website do not contain personally identifiable information.

Log Files

Like most standard websites, we use log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track user's movement in the aggregate, and gather broad demographic information for aggregate use. However, none of the information stored in our log files, including but not limited to IP addresses, is linked to personally identifiable information.

How We Use and Share this Information

mail.com may use the personally identifiable information collected by mail.com to contact customers regarding products and services offered by mail.com and, to the extent the user has agreed to it, by its trusted affiliates, independent contractors and business partners. We may also use this information and share it with trusted third parties for research purposes regarding the effectiveness of our website services, marketing, advertising and sales efforts, and to create links between two or more customer devices. mail.com will not share this information with a third party for a third party’s marketing purposes unless you specifically authorize such information sharing. mail.com does not sell or rent your contact information to third parties.

Furthermore, mail.com may use this information collected by mail.com for:

• Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
• Helping to ensure security and integrity to the extent the use of the consumer's personal information is reasonably necessary and proportionate for these purposes;
• Debugging to identify and repair errors that impair existing intended functionality;
• Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer's current interaction with the business, provided the consumer's personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer's experience outside the current interaction with;
• Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, customer account authentication, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business or service provider; Providing advertising and marketing services, except for cross-context behavioral advertising, to the consumer; Undertaking internal research for technological development and demonstration;
• Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business;
• For our group companies, including centralizing file data, facilitating the provision of our services, or protecting our rights, privacy, safety or property, or the property of our affiliates, you or others, in connection with a sale or a business transaction;
• To comply with our legal and regulatory obligations, public authority, government and law enforcement agencies;
• For the performance of our contract with you or to take steps at your request before entering into a contract;
• For our legitimate interests or those of a third party;
• Where you have given consent.

Third party cookies and tracking

We allow third-party companies to serve ads and/or collect certain anonymous information when you visit our website. These companies may use non-personally identifiable information (e.g., click stream information, browser type, time and date, subject of advertisements clicked or scrolled over) during your visits to this and other Web sites in order to provide advertisements about goods and services likely to be of greater interest to you. These companies typically use a cookie or third-party web beacon to collect this information. To learn more about this behavioral advertising practice or to opt-out of this type of advertising, you can visit network advertising.

Disclosure of Information

mail.com may disclose your personal information as it deems necessary, in mail.com‘s sole discretion, to:
(a) comply with legal process or other legal requirements, including but not limited to responding to civil or criminal subpoenas, search warrants, national security letters, court orders, or other requests for information from law enforcement officials;
(b) protect and defend the rights or property of mail.com or its officers, agents, affiliates, licensees, and customers; or
(c) carry out its obligations under or enforce this Agreement or to assign its rights under this Agreement.
mail.com may from time to time use third-party technology and/or engage third parties, including its own subsidiaries and affiliated companies, to preserve, analyze or otherwise store or process data received by mail.com from its customers. Such third-party service providers are required to treat all such data with the same degree of care as mail.com and are prohibited from disclosing such data to any other person or party, except as otherwise provided for in this Privacy Policy.
MAIL.COM RESERVES THE RIGHT (SUBJECT TO APPLICABLE LOCAL LAW), IN ITS SOLE DISCRETION, TO MONITOR YOUR ACCOUNT, INCLUDING BUT NOT LIMITED TO THE USE OF A USER'S MAIN ACCOUNT AND ANY SUB-ACCOUNTS, FOR THE PURPOSE OF INVESTIGATING VIOLATIONS OF THIS AGREEMENT OR TO ASSIST WITH CRIMINAL OR CIVIL INVESTIGATIONS.
mail.com may also disclose aggregate, anonymous data based on information collected from users to trusted third parties, investors, and potential partners. In such cases, only statistical information will be disclosed and personally identifiable data will be kept confidential. In case mail.com is sold, the information collected from users may be transferred to the new owners.

We may also collect information from the following categories of sources:

• Publicly accessible sources (e.g., property records);
• Third party (e.g., sanctions screening providers, credit reporting agencies, customer due diligence providers, advertising networks, internet service providers, social networks, data analytics providers, government entities, and data brokers);
• Cookies on our website;
• Automated information collection;
• Our IT systems, including:

• Door entry systems and reception logs;
• Automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.

Special Offers and Updates

On rare occasions, it is necessary to send out a strictly service-related announcement, if, for instance, our service is temporarily suspended for maintenance. Generally, users may not opt-out of these communications, though they can deactivate their account. However, these communications are not promotional in nature.

Maintenance of Information

The information provided to mail.com is saved indefinitely and may be stored on one or more databases directly or indirectly maintained by mail.com. mail.com employs industry-standard security measures to protect the confidentiality of the information. While we cannot guarantee that loss, misuse or alteration of data will not occur, we make every effort to prevent such occurrences.

Your Responsibility

You are responsible for the security of your Customer ID and passwords. Make sure you keep them in a safe place and do not share them with others. Always remember to log out after your session ends to ensure that others cannot access your private personal information. You should take this precaution even if you are not using a public computer, such as at a library or internet café, but even when using your private computer in your home.

Your California Privacy Rights

You have the right under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), and certain other privacy and data protection laws, as applicable, to exercise free of charge:

Disclosure of Personal Information We Collect About You
You have the right to know, and request disclosure of:

• The categories of personal information we have collected about you, including sensitive personal information;
• The categories of sources from which the personal information is collected;
• Our business or commercial purpose for collecting, selling, or sharing personal information;
• The categories of third parties to whom we disclose personal information, if any; and
• The specific pieces of personal information we have collected about you.

Please note that we are not required to:

• Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
• Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
• Provide the personal information to you more than twice in a 12-month period.

Disclosure of Personal Information Sold, Shared, or Disclosed for a Business Purpose
In connection with any personal information we may sell, share, or disclose to a third party for a business purpose, you have the right to know:

• The categories of personal information about you that we sold or shared and the categories of third parties to whom the personal information was sold or shared; and
• The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom the personal information was disclosed for a business purpose.

You have the right to opt-out of the sale of your personal information or sharing of your personal information for the purpose of targeted behavioral advertising. If you exercise your right to opt-out of the sale or sharing of your personal information, we will refrain from selling or sharing your personal information, unless you subsequently provide express authorization for the sale or sharing of your personal information.

To opt-out of the sale or sharing of your personal information click here.

Right to Limit Use of Sensitive Personal Information:
You have the right to limit the use and disclosure of your sensitive personal information to the use which is necessary to:
Perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services;

To perform the following services:

• Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes;
• Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business, provided that the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business;
• Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business; and
• Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business; and as authorized by further regulations

You have a right to know if your sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes.

To limit the use of your sensitive personal information click here.

Right to Deletion: Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

• Delete your personal information from our records;
• Direct any service providers or contractors to delete your personal information from their records.
• Direct third parties to whom the business has sold or shared your personal information to delete your personal information unless this proves impossible or involves disproportionate effort.

Please note that we may not delete your personal information if it is reasonably necessary to:

• Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
• Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes;
• Debug to identify and repair errors that impair existing intended functionality;
• Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
• Comply with the California Electronic Communications Privacy Act;
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us
• Comply with an existing legal obligation; or
• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Right of Correction:
If we maintain inaccurate personal information about you, you have the right to request us to correct that inaccurate personal information. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate personal information.

Protection Against Retaliation:
You have the right to not be retaliated against by us because you exercised any of your rights under the CCPA/CPRA. This means we cannot, among other things:

• Deny goods or services to you;
• Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
• Provide a different level or quality of goods or services to you; or
• Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information. We may also offer loyalty, rewards, premium features, discounts, or club card programs consistent with these rights or payments as compensation, for the collection of personal information, the sale of personal information, or the retention of personal information.

How to Exercise Your Rights
The exercise of these rights and the access to the information provided will not lead to any discriminatory treatment, nor will it negatively affect the service. You may only make a personal information request twice in a 12-month period. We will respond within 45 days of receiving a personal information request.

In addition to the above mentioned and in response to the requirements of CCPA, it is our aim to extend the transparency of the information collected and shared with third parties, which is why on pages related to data protection, such as the "Privacy Policy" and/or "Data Collection", the information referred to encompasses the data processing of the past twelve months.

You can find more information or exercise your rights under CCPA here: Do not sell my personal information.

Your GDPR and UK GDPR Rights (only for individuals located in the European Union or United Kingdom)

In addition to the above information, we want you to know that you are afforded additional rights under the General Data Protection Regulation (EU) 2016/679 (GDPR) and the retained EU law version of the GDPR in the UK (UK GDPR). If you are unsure whether these rights apply to you, please contact us using the details below. Controller

The protection of your personal information is a top priority for 1&1 Mail & Media Inc. We adhere to the relevant data privacy laws and would like to provide comprehensive information about the handling of your data in the following notice. The responsibility for data protection lies with:

1&1 Mail & Media Inc.
100 North 18th Street Suite 400
Philadelphia, PA 19103

Data Protection Officer

Data Protection Officer of 1&1 Mail & Media Inc.

1&1 Mail & Media Inc.
100 North 18th Street Suite 400
Philadelphia, PA 19103

or e-mail: dataprivacy@corp.mail.com

Choices and Individuals’ Rights

We refer to the section above on ‘How we use and share this information’, which provides details on how we use personal information for marketing purposes. Please note that we give you choices regarding our use and disclosure of your personal information for marketing purposes. You may opt out from:

1. Receiving marketing-related emails from us. If you no longer want to receive marketing related emails from us on a going-forward basis, you may opt out by using the Permission Management available via your mail.com account.
2. Our sharing of your personal information with unaffiliated third parties for their direct marketing purposes. If you would prefer that we discontinue sharing your personal information on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt out of this sharing by managing your browser settings.

We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing from us, we may still send you important administrative messages, from which you cannot opt out.

How you can exercise your rights:
If you would like to request to access, correct, update, suppress, restrict, or delete personal information, object to or opt out of the processing of personal information, withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal), or if you would like to request to receive a copy of your personal information for purposes of transmitting it to another company (to the extent these rights are provided to you under the GDPR or UK GDPR, you may contact us using the contact details above (i.e., the Controller and Data Protection Officer details at the beginning of this section of the policy). In addition, you may also use the following methods to exercise the following rights:

Access
In the customer self-care center of your mail.com account, you will find an overview of all your settings and can access data that you have stored with mail.com.

Rectification, Erasure and Restriction of Processing
In your mail.com inbox under ‘My Account’, you can view your data and manage it yourself. If you have a contractual relationship with us, please understand that we save and process your data as required for the term of your contract. There may also be retention duties arising from legal requirements, for example in accordance with commercial or tax law. Please see the ‘Retention’ section below for more information on our retention periods.

Revocation of Your Consent
You can revoke the granted consent at any time. If you no longer wish to receive interest-based online advertising, you can revoke your consent using the Permission Management.

Exercising your Right to Data Portability
If you want to exercise this right, go to ‘My Account‘, where you will find the option of exporting your data under the item ‘Personal Data‘.

You can also file a complaint with the supervisory authority in your country or region of habitual residence or place of work, or where an alleged infringement of applicable data protection law occurs. A list of EU data protection authorities is available here.
For the UK, the responsible data protection authority is the Information Commissioner’s Office (ICO).

Collection and processing of personal information
We refer to the ‘Information we collect’ section above which provides details on the categories of personal information we collect and why. We use your personal information for the legitimate business purposes set out above. Under the GDPR and UK GDPR, the legal bases that we rely on for processing your personal information are (i) your consent, where we obtain such consent from you; (ii) contractual necessity, where processing of your personal information is necessary for the performance of a contract to which you are a party; (iii) our legal obligation, where processing is necessary for compliance with such legal obligation; (iv) vital interest, where processing is necessary in order to protect the vital interests of you or of another individual; (v) where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or (vi) or a legitimate interest, where processing is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of your personal information.

Cross-border Transfers
Please note that this product is intended for an audience in the United States, and that the information is processed on servers located in the United States. The processing of the information therefore predominantly takes place in this territory. However, it is possible that your personal information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the services you understand that your information may be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.

Some non-EEA countries are recognized under the UK GDPR and by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here. For transfers of personal information from the UK and/or EEA to countries not considered adequate under the UK GDPR or by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted under the UK GDPR and by the European Commission to protect your personal information. You may obtain a copy of these measures by contacting us. We have a legitimate interest in disclosing or transferring your personal data to third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or part of the company, all assets or shares (including in connection with bankruptcy or similar proceedings). Such third parties can include e.g. an acquiring company and its consultants.

Retention Periods
We only store your personal data as long as is necessary to fulfil the purpose for processing the personal data, unless a longer retention period is required or permitted in accordance with applicable law. The criteria used to determine our retention periods include (i) the duration of our business relationship with you (e.g. the period in which you maintain your account with us); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records for a certain period of time before we can delete them), or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Questions

If you are not a resident of California or Europe, and you wish to exercise any of the rights described above, please contact us.
For questions concerning this Privacy Policy please contact customer support.
© 1&1 Mail and Media Inc., 2023, All rights reserved
Version: May 23, 2023