Details for Specific Products and Services

This page explains any additional individual data and privacy policies in effect for each product or service offered by MFPad. If a product or service (collectively “Services” or individually “Service”) is not listed on this page, it simply means that there is no new information collected and that it is fully covered by our standard Privacy Policy. Where applicable, we provide additional details for those customers in the EEA.

Domains and Related Services

Domain Whois Contact Information: We are required by ICANN and the Registries who issue domains to collect, process and retain certain personally identifiable information. This information is required to be kept current and may be accessible for you to review and update through your customer Account Panel. Customers are required to provide this information and agree to keep it current and allow it to be retained for a predefined period of time. This information may be shared with ICANN, registries, registry operators and/or data escrow agents.

ICANN requires that registrars must collect and retain the mandated Whois information, whether or not protected by a privacy service, for two (2) years after the domain expires and/or you are no longer the registrant. (Please note that other ccTLD registries may have a longer required retention period. You will need to confirm their retention policies.) These guidelines are considered contractually required and approved upon purchasing a domain.

Domains not governed by ICANN, such as ccTLDs, have individual data collection guidelines explained in their domain agreements. These may include the collection and retention of IP addresses and notices sent to you, among other things. MFPad requires, when purchasing domains from us, that Whois standards as set by ICANN be collected for all domains. Thus, even for ccTLDs, you will be asked to provide the standardized Whois information. Collection of the unique registry information and the standardized Whois information is considered contractually required by you from the individual registries and/or MFPad. Also note that certain ccTLDs mandate the public disclosure of registrant data. If you are an EEA resident and eligible to register such a domain, by registering the domain, you explicitly agree to the publication of your personal information. We recommend that you review ccTLD agreements purchasing one of these domains to review their contractual guidelines on data collected, processed, publicized and retained.

Changes due to GDPR. Due to the GDPR, ICANN has implemented a Temporary Specification that limits the information made available to the public, at least in the EEA. However, the model also proposes broader access to groups of individuals that may or may not have to substantiate a legal basis for each request. This means that a privacy service such as WhoisGuard is both relevant and still very necessary to protect you from unwanted and/or unknown disclosure.

MFPad strongly believes in privacy, security, freedom and the equal treatment for all internet users. And we believe that your information should be protected both now and under the new model being considered. This is why we are providing all our customers with free privacy protection for life. MFPad customers will be able to benefit from free WhoisGuard protection for all domains (unless specifically precluded by the registry.) You can find more details on this program by visiting the WhoisGuard product page.

WhoisGuard. WhoisGuard is a privacy service that allows you to protect your identity. When you use this service, you permit WhoisGuard to have access to your full Whois details and provide anonymization services to protect it.

DNS. No personally identifiable information is collected or shared with our DNS third party provider for any of our DNS products.

Hosting and Related Services

Hosting. When you host with MFPad, we interact with your data in two ways. First, we obtain certain data in order to allow you to use our hosting services and to provide ongoing support. This data includes things like your password, DNS zones and account activity so that we can help you with any issues related to your site. Due to the nature of hosting, log files may also collect IPs of those who visit your site without additional identifying information. Second, we store information related to your website, such as website content, SSL files, your email logs (if you have email integrated into your site), related databases, full account backups and anything else that you host on your site.

In both cases, you operate as the Controller and we operate as the Processor and our relationship is governed by our Data Processing Addendum. Where your site is collecting personally identifiable information, such as customer information or contact lists, it is your responsibility to ensure you are compliant with privacy laws such as GDPR and that you are obtaining required permissions.

Third Party Hosting Products. We offer several third party hosting products to help you manage your website. They include Cloudflare products, CodeGuard, Attracta and Softaculous. We only share data with these companies when you initiate a specific request with us.

Apps Marketplace

MFPad is proud to offer our customers the following excellent Services through our Apps Marketplace. Below you will find data and privacy details on Services that are globally available. Services that are North American based only are not listed.

ProductData Collected by MFPadData Tracking by MFPadData SharedData Controller / Processor Notes
GhostNo additional data collected.None.None.
WPWarmNo additional data collected.WPWarm uses Hotjar to track anonymized data. For details, including opt-out instructions see paragraph “Hotjar” below.None.
CanvasNo additional data collected.None.None.
Private EmailNone.None.None.
SSLCollection depends on type of certificate purchased. Basic certification collects personal email; all others collect and validate business information.None.Minimal SSL details are collected and sent to Comodo.For SSLs, Comodo operates as a Controller jointly with you. MFPad is a Data Processor. See Data Handling Amendments to the SSL ToS.
GSuite / Bablic / Strikingly / WeeblyNone.None.None.For each of these products, the third party provider is the Data Controller and is wholly independent from MFPad. Please review their data and privacy guidelines.

Hotjar. We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.

You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.


Refund Policy

We have prepared this Refund Policy to explain when you can request a refund with respect to products and services acquired from MFPad or through us from our partners and/or affiliates (collectively “Services”).

General Terms

General terms apply to all refund eligible Services. In addition, there may be special term(s) that apply to a specific product and/or service and those are outlined below.

  • In no event is the same Service eligible for more than one refund.
  • Service(s) must be cancelled before we can issue a refund.
  • No refund will be made if your Service(s) are suspended or terminated for cause.
  • If purchased Service(s) include free domain name registration as part of a promotion or sale of the Service(s), and you cancel the purchased Service(s), the standard price for the domain name will be deducted from the refund amount. If the refund amount is less than the standard price for the domain, you must either elect to pay the difference or forfeit the domain, in which case, ownership of the domain will revert back to MFPad.
  • All refunds are processed in U.S. dollars: you, the customer, bear sole responsibility for any fluctuations in the exchange rate(s) between the time of payment and the time of refund.
  • Unless you request otherwise, refunds will be credited to your MFPad account balance. Purchases made using MFPad account funds can only be refunded as account credit. Purchases made by credit card or PayPal may be refundable to the source of payment. MFPad is not responsible for any additional charges imposed by your credit card company or PayPal in the case of refund.
  • Any processing fee(s) will be deducted from a refund.

Additional refund requirements may apply based on specific terms and conditions notified to you when purchasing any Service(s).

Special Terms

Domain Name Registration

  • Unless this Refund Policy specifically provides for a refund, all fees for domain name registrations and related domain name Service(s) are non-refundable, in whole or in part, even if your domain name registration is suspended, cancelled or transferred prior to the end of your then current registration term.
  • New domain name registrations may be refundable, at the sole discretion of MFPad, if you, the registrant, cancel the domain name registration for a valid reason and the cancellation is processed within 3 days (72 hours) after registration. Please note that, in some cases, cancellation and refund are not available for new domain registrations due to restrictions imposed by the applicable registry or registry operating company.
  • No refunds are available for fees paid for After Market Domain Names unless your After Market Domain Name registration is rejected or cancelled by MFPad, the registry or the third party seller.
  • No refunds are available for fees paid for Premium Domain(s).
  • No refunds are available for fees paid for any of the following:
    • Additional fees paid for Pre-Orders, Sunrise or Landrush periods or participation in an Early Access Program; or
    • Fees paid for related Service(s) such as a PremiumDNS service for the domain in question.
  • In the case of an unsuccessful attempt to transfer a domain name to MFPad, we will automatically refund any fees paid as an account credit.

Web Hosting

  • Unless this Refund Policy specifically provides for a refund, all fees for Web Hosting and related Service(s) are non-refundable, in whole or in part, even if your Web Hosting Service(s) are suspended or terminated prior to the end of your then current contract term.
  • Package fees for Shared Hosting, Stellar, Stellar Plus, Stellar Business, VPS hosting, VPS Pulsar and VPS Quasar may be refundable, at the sole discretion of MFPad, if you, the account holder, cancel within thirty (30) days after purchase. Only first-time Shared Hosting, Stellar, Stellar Plus, Stellar Business, VPS hosting, VPS Pulsar and VPS Quasar accounts are eligible for the 30-day money-back guarantee. You may receive a refund if you, the account holder, cancel your Reseller Hosting account within the initial fourteen (14) days after sign-up. You may receive a refund if you, the account holder, cancel your Clearance Dedicated Server or New Dedicated Server account within the initial seven (7) days after sign-up. Only first-time Clearance Dedicated Server or New Dedicated Server accounts are eligible for the 7-day money-back guarantee.
  • No refunds are available for the following:
    • Any additional features, services or upgrades added to your Web Hosting package and purchased at additional fee;
    • Any fees related to domain name registrations associated with your Web Hosting package;
    • Any renewals of Web Hosting and related Service(s).

Private Email Hosting

  • Unless this Refund Policy specifically provides for a refund, all fees for private email hosting and related Service(s) are non-refundable, in whole or in part, even if your private email hosting Service(s) are suspended or terminated prior to the end of your then current contract term.
  • If you purchase Private Email Hosting Services for a domain name not registered with MFPad, you must confirm your ownership of the associated domain name. If you fail to provide satisfactory proof of ownership (or domain access rights) within forty-eight (48) hours from purchase, the purchased Service(s) will be cancelled and any fees paid will be automatically refunded as an account credit.

SSL Certificates

  • Unless this Refund Policy specifically provides for a refund, all fees for SSL Certificates are non-refundable, in whole or in part.
  • If a refund is available, fees for SSL Certificates will be refunded in the form of an account credit.
  • In order to qualify for a refund you must do one of the following within ninety (90) days after purchase: that is, you must 1) obtain issuance and thereafter make a written request for a refund within fifteen (15) days of that date; 2) attempt at issuance and be unsuccessful, in which case the refund will be credited to your account automatically; or 3) make no attempt at issuance but make a written refund request to MFPad.

PremiumDNS

  • Unless this Refund Policy specifically provides for a refund, all fees for PremiumDNS and related Service(s) are non-refundable, in whole or in part, even if your PremiumDNS Service(s) are suspended, cancelled or transferred prior to the end of your then current contract term.
  • Fees for the Services may be refundable, at the sole discretion of MFPad, if you cancel the Services within five (5) days after purchase.

Apps Marketplace

  • In most cases, Apps purchased or renewed through our Apps Marketplace may be refundable, at the sole discretion of MFPad, if you request cancellation and refund within twenty-four (24) hours after purchase/renewal.
  • No refunds are available for Apps which provide an immediate, one-time service and/or incur fees directly related to the product provided: such as, but not limited to, MFPad Legal.
  • If you purchase an App that provides for a trial period, you must cancel within the trial period to be eligible for any available refunds. That is, if you participate in a free trial period and thereafter continue to access or use the App after the trial period has passed, no refund is available.

Non-refundable Services

All other Services are non-refundable, including but not limited to:

  • G Suite upgrades and downgrades;
  • Transfers or renewals of domain name registrations;
  • Fees for recovery or reactivation of domain names;
  • Dedicated IP Addresses;
  • Any Services purchased or acquired at a reduced fee or on promotion; or
  • Any fees paid by you to MFPad for providing non-service related support.

Refund Requests

If you think you are eligible for a refund, you can submit a helpdesk ticket here. You must include the following information in your request:

  • Why you are asking for a refund;
  • Transaction identifying information (e.g. account username, support pin, transaction number, domain name, date of purchase); and
  • Any additional information the Customer Service team asks for in order to process your refund request.

Contacts

If you have questions about our Refund Policy, you can contact MFPad at support@mfpad.com

You may also contact us at:
MFPad.com
63-66 Hatton Gardens
Suite 1203
London, England, EC1N 8LE
USA
support@mfpad.com


MFPad Court Order & Subpoena Policy

MFPad is a strong advocate for privacy. As such, and per our Privacy Policy, we cannot and will not share customer or account information without our customer’s express consent except under limited circumstances when required by law or legal process properly served on MFPad or one of our affiliates.

If you are seeking such information, here is what you need to know:


Copyright and Trademark Policies

At MFPad, we believe that the customer comes first. As a result, we have developed policies over the years which ensure that we respond responsibly to copyright and trademark complaints made to us regarding domains and hosted content, and that we do so in a manner that respects our customer.

Copyright Complaints

Copyright claims are covered by the Digital Millennium Copyright Act (“DMCA”), whereby a copyright holder may issue a formal complaint known as a DMCA Takedown Notice. If you believe that you have a valid copyright claim related to a MFPad customer, you may submit a DMCA Takedown Notice in accordance with this policy.

DMCA Takedown Notice. If we receive a DMCA notice from a copyright holder regarding hosted content, we will follow the requirements set in place by the DMCA. We will:

  1. Make sure the notice is DMCA-compliant. At a minimum, it must include:
    1. Specification of Copyrighted Content. Identification of the work which is claimed to be copyrighted and infringed, or, if multiple copyrighted works at a single online site are covered by the notification, a representative list of such works at that site.
    2. Location of Infringing Material. Identification of the material that is claimed to be infringing, or to be the subject of infringing activity, and that is to be removed, or access to which is to be disabled, and information reasonably sufficient to permit MFPad to locate the material. This must include the specific URLs for each infringing instance.
    3. Contact Information for Complaining Party. Information reasonably sufficient to permit MFPad to contact the complaining party, such as name, address, and telephone number, as well as facsimile number and email, if available, at which the complaining party may be contacted.
    4. Good Faith Statement. A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
    5. Statement Under Perjury. A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the copyright owner of an exclusive right that is allegedly being infringed.
    6. Signature. A physical or electronic signature of the complaining party or its agent.
  2. Forward that notice to our customer, and make it clear how to proceed.
  3. If the DMCA notice relates to content hosted on our servers, we will temporarily remove, or disable access to, the disputed content.
  4. Give our customer the opportunity to counter-notice the DMCA notice. If our customer has counter-noticed a DMCA notice in reference to specific works in circumstances that do not amount to a repeat infringement, we will restore any disputed works promptly upon counter-notice as described below.

You should be aware that if MFPad acts only as the domain registrar, and does not provide hosting services in respect of the disputed content, we do not have the technical ability to take action in response to a DMCA notice. You will need to contact the hosting provider

Further, MFPad will determine in its sole and absolute discretion what constitutes repeat infringement.

DMCA Counter-Notice Procedure. If we receive a proper DMCA Takedown Notice from a copyright holder, we will email a copy of the notice to our customer to provide them with the opportunity to submit a DMCA Counter-Notice. We will advise our customer of the following:

  1. If MFPad provides hosting services in respect of the disputed content, we have removed or disabled access to that material due to notice of an alleged copyright infringement.
  2. If our customer believes that the identification of infringing content is in error, MFPad suggests contacting the reporting copyright owner to resolve the matter. If the reporting copyright owner agrees there is a mistake, they should email MFPad at dmca@mfpad.com. The content the subject of the DMCA notice may then be reinstated.
  3. If it is not possible to come to an agreement with the reporting copyright owner, the customer may submit a DMCA Counter-Notice to MFPad within ten (10) business days of the date of our notice. The Counter-Notice is a legal document and must comply with the requirements of the DMCA. It must include the following:
    1. Contact Information. Contact information, including name, address, and telephone number, as well as facsimile number and email, if available.
    2. Statement under Perjury. A statement, under penalty of perjury, that the party providing the Counter-Notice has a good faith belief that the material was removed or disabled as a result of mistake, or misidentification of the material to be removed or disabled.
    3. Previous Location of Alleged Infringing Material. Identification of the material that has been removed, or to which access has been disabled, and the location at which the material appeared before it was removed or access was disabled.
    4. Consent to Jurisdiction. A statement that the party providing the Counter-Notice consents to the jurisdiction of the United States District Court in which the address provided is located or, if that address is outside the United States, for the judicial district of California, and that it will accept service of process from the complaining party or its agent.
    5. Signature. A physical or electronic signature of the party providing the Counter-Notice or its agent.
  4. By submitting a Counter-Notice to MFPad, our customer waives any legal or equitable rights or remedies he or she has, or may have, against MFPad with respect to the Counter-Notice, any claims regarding any aspect of the disputed content and its publication and/or MFPad’s action in implementing a takedown or re-establishing the content, and agrees to indemnify and hold MFPad, and its owners/operators and/or affiliates, harmless to the fullest extent allowed by law regarding all matters relating to the sending of a Counter-Notice.

If our customer responds with a proper Counter-Notice, we will:

  1. Provide a copy of that Counter-Notice to the complaining party.
  2. Advise the complaining party that the disputed content will be reinstated in ten (10) business days unless MFPad receives notice from the reporting copyright owner that he or she has filed an action against our customer under the DMCA in a court of competent jurisdiction for copyright infringement and is seeking a court order to restrain our customer from publishing the disputed content.
  3. If MFPad does not receive such notification from the complaining party, we will replace the removed material, or cease disabling access to it, in not less than ten (10) business days and not more than fourteen (14) business days from receipt of our customer’s Counter-Notice.

Trademark Complaints

Trademark complaints are outside the scope of a DMCA Takedown Notice. However, if you believe your trademark complaint may also constitute a copyright infringement, and it is published on a website using MFPad’s hosting services, you may choose to submit your complaint according to the DMCA Takedown Notice procedure outline above.

Below is MFPad’s procedure for processing trademark complaints in various scenarios.

Domain Names. If you believe that a domain name and its use violates your trademark, you may either pursue the matter in a U.S. court of law or have the matter adjudicated under the Uniform Domain Name Dispute Resolution Policy (“UDRP”) or, where available, the Uniform Rapid Suspension System (“URS”). These are the two forums for adjudicating such issues.

The UDRP is a mandatory administrative proceeding adopted by the Internet Corporation for Assigned Names and Numbers (“ICANN”) to resolve disputes regarding the registration of domain names. All ICANN accredited registrars are required to follow the UDRP. As an ICANN accredited registrar, MFPad and its customers are bound by the UDRP. Nothing in this policy should be construed to modify or supersede the UDRP. More information regarding the UDRP is available here or here. Information about the URS is available here.

Trademark Owners. If you believe that you have a trademark complaint that is not related to a domain name, and that does not fall under a copyright claim, you may submit a valid and formal notice of a trademark complaint as outlined below. We will forward your complaint to our customer. It should include:

  1. Details of the trademark or servicemark (“mark”) that is claimed to be infringed, including the registration number and jurisdiction or geographical area to which it applies.
  2. The name, address and telephone number of the owner of the mark.
  3. The goods and/or services covered by or offered under the mark.
  4. A description of how you believe the mark is being infringed, including the precise location of the infringing mark.
  5. Sufficient evidence that the owner of the website that is claimed to be infringing the mark is a MFPad customer.

You should be aware that, other than forwarding your trademark complaint to a customer, we cannot take any further action without a U.S. court order or a UDRP, or URS, ruling.

Repeat Infringement

We will do everything in our power to fairly protect your right to freely use the Internet. However, repeated violation of this policy, or repeated infringement of copyrighted works, trademarks or other intellectual property, will lead to termination in appropriate circumstances. MFPad will, in its sole and absolute discretion, determine what constitutes repeat infringement.

Further Questions & Contact Information

If you have any questions about how MFPad deals with trademark and copyright complaints, please contact us by email or regular mail at the following address:

MFPad Legal Department
63-66 Hatton Gardens
Suite 1203
London, England, EC1N 8LE
dmca@mfpad.com


MFPad Privacy Policy

MFPad is a leader in online privacy rights. We have created this privacy statement in order to demonstrate our commitment to you, our customer, through transparent, easy-to-understand information regarding our data practices. You will understand what we collect, why we collect it and what we do with it. This policy applies to all MFPad brands, websites, apps, products, services or technologies (we will collectively refer to these as “Services”). Additional privacy practices for certain Services can be found in Details for Specific Products and Services.

Information Collection: Account Level

At an Account Level, we collect and use information necessary to enable you to purchase and manage Services, provide you with support for those Services and to curate your experience with us. Some information is collected and used based on contractual consent and other is based on informed consent, which may be changed at any time.

  • Basic Account Information.Information Collected. Our site uses forms in which you give us contact information (such as your name, address, phone number, fax number, billing information, IP address and email address) so you can create an account, place orders, register domains, request information, and request support help. As you use your account, we may also collect support requests and other related types of information that is specific to the management of your account and Services with us.Legal Requirement. This type of information is legally and/or contractually required to be able to purchase and use Services. For example, we are required to be able to verify this type of information upon request by our payment processor. It is also required to be able to serve legal notices to you and is mandated by certain Services we offer. In addition, some Services, such as domains, require this information for you to purchase them. If you are purchasing a domain from us, we are required by law to collect and retain this information. We are further required to verify that the information provided is accurate and serve legally required notices regarding your domain(s). Consent for the collection, use and retention of this information for these purposes is considered to be contractually given for the duration of your use of such Service and any legally required retention period.
  • How We Use This Information.Sending Emails. Legally Required. As noted above, we use emails to communicate with you, to confirm your placed orders, to send information that you have requested and to serve legally or contractually required communications. Legally required emails cover ICANN mandated verification emails, renewal notices and any other policy or procedure created by ICANN which governs the purchase of domains. Additionally, we may be required by law to serve notices to you such as DMCA Takedown Notices, UDRP notices, etc. Or, we may deem a change to one of our policies to be material and, therefore, determine a duty (though not a legal requirement) to inform you of this change. These types of communications do not fall under any of our opt-out procedures.Sending Emails: Service Communications & Promotional Communications. We also may use this information when it is important for us to contact you regarding functionality changes to Services you have purchased and/or our website and provide customer service (“Service Communications”.) By creating an account with us and/or purchasing our Services, you agree to receive these types of communication and acknowledge that they are not optional. We also use this information to share details about new services and special offers we think you’ll find valuable (“Promotional Communications”.) You are able to opt-out of receiving Promotional Communications (or opt-into, depending on your country of residence) through preferences in your account panel or the unsubscribe instructions contained in the email communication. Legally Required Disclosure. We will never share your information without your permission or in ways other than as outlined in this policy. The only exceptions to this are when we are required by law, in the good faith belief that such action is necessary in order to comply with the law, or when we must comply with a legal process. Examples of these types of exceptions are court orders, subpoenas, and UDRP/URS processes. In each of these situations, we will carefully review the documentation provided and only comply if such documentation meets requisite legal standards.Changes in Our Practices. If we change our information-handling practices or other privacy aspects, we will post those changes on this privacy statement. If we make any material changes we will notify you by means of a notice on this site prior to the change becoming effective, and we may also try to notify you through email of the privacy changes, if necessary.
  • Retention & Deletion of Account Information.Personal Information Following Termination of Account. When your MFPad account is cancelled (either voluntarily or involuntarily) all of your personally identifiable information is placed in “deactivated” status within our corresponding databases. However, you should know that deactivation of your account does not mean your personally identifiable information has been deleted from our database entirely. We will retain and use your personally identifiable information, if necessary, in order to resolve disputes, enforce our agreements and/or as required by laws or regulations. Thus, it may not be immediately deleted upon request and is an approved exception to GDPR deletion rights. By creating an account with us, using our support services and/or purchasing Services, you acknowledge and agree to these terms of retention. Information on how to close your account can be found here.

Information Collection: Site Usage 

  • Device Information. We collect information from your devices (computers, mobile phones, tablets, etc.), such as IP address, cookie information, so that we may recognize your devices to provide you with legal notices (if required by your country of residence), support services (when you contact our support staff) and personalized experiences on our site and emails. Certain types of collection and use may be optional and controlled via our cookie tools.
  • Information from Others. We are dedicated to continually improving your experience on our website. Like many companies, we use third-parties to help us track browsing, identify technical issues and provide ways to enhance your overall experience. Several of the tools that we use and what they do are:
    • Log Files: We use information gathered about you from our site statistics via log files provided by third-party tracking partners (for example, your IP address) to help diagnose problems with our server and to administer our website. We also gather broad demographic information from this data to help us improve our site and make your browsing and purchasing experiences more enjoyable. This is not linked to any personally identifiable information.
    • Cookies: Our site uses cookies to keep track of your session information. We do link the information we store in cookies to personally identifiable information you submit while on our site.We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your internet browser’s “help” file.We also use cookies to store your username if you request to have your username remembered during login. That information will be used to pre-fill the login form at a later time. If you are referred to our website through an ad or a partner, we will store the referral information in the cookies.The use of cookies by our partners, affiliates, tracking utility company and service providers is not covered by our privacy statement. We do not have access or control over these cookies. Our tracking utility company uses session ID cookies to help us improve our site and make your browsing and purchasing experiences more enjoyable.For those customers in countries subject to GDPR, please see your cookie preference panel for additional instructions on how to opt-in and opt-out of cookies. The cookie preference panel is accessible once you have acted upon the cookie policy pop-up.Find more information regarding the categories of cookies we use and our specific cookie policy here. By continuing to use and navigate our sites, services, applications, tools or messaging, you are agreeing to our use of cookies of described in this Privacy Policy.
    • Gifs: Our third-party tracking utility company employs a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs) that help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with unique identifiers, similar in function to cookies; they are used to track the online movements of web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on web pages and are about the size of the period at the end of this sentence. Our tracking utility company does not tie the information gathered by clear gifs to our customers’ personally identifiable information.
  • Contests: From time to time we request information from users via surveys or contests. Participation in these surveys or contests is completely voluntary, and the user, therefore, has a choice whether or not to respond and disclose this information. Information requested may include contact information (such as name, email and shipping address) and demographic information (such as zip code and age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of this site and/or any other purpose that we explicitly disclose in the contest rules.
  • Testimonials: We post customer testimonials on our website which may contain personally identifiable information. We do obtain the customer’s consent via email, prior to posting the testimonial, to post their name along with their testimonial. If you would like to request the removal of your testimonial from the site contact us at support@mfpad.com.
  • Public Blog: Our website offers a publicly accessible blog. You should be aware that any information you provide in this area may be read, collected and used by others who access it. To request removal of your personal information from our blog, contact us at support@mfpad.com. In some cases, we may not be able to remove your personal information. If this occurs, we will let you know if we are unable to do so and why.
  • Third-Party Product Offerings & Websites: Our site also contains links to other third-party websites, especially where we offer their products or services. MFPad (www.mfpad.com) is not responsible for the privacy practices or the content of such websites. We encourage you to carefully read the privacy statement of any website you visit.

How We Share This Information

MFPad shares information within its affiliated brands and companies. We also share information we have about you for the purposes described in this Privacy Policy, including to provide Services that you have requested. We do not share information that individually identifies our customers with companies, organizations or individuals outside of MFPad, unless one of the following circumstances applies:

  • With Your Consent. We will share information with companies, organizations or individuals outside of MFPad when we have your consent. This includes third party providers who offer products or services through our marketplace. These providers will each have their own privacy policies and will be identified in our Details for Specific Products and Services section.Within MFPad. Information may also be shared within MFPad to provide support and delivery of Services you purchase. 
  • With Partners. We may share your information with nonaffiliated companies who are:
    • Advertising, Analytics and Business Partners (Limited to Non-Personally Identifiable Information). We may share aggregated or pseudonymous information (including demographic information) with partners, such as measurement analytics, apps, or other companies.  We do not, however, share information that personally identifies you (personally identifiable information is information such as name or email address.)  When you use third-party apps, websites or other products integrated with our Services, they may collect information about your activities subject to their own terms and privacy policies. 
    • For Legal and Other Purposes. We may access, preserve and disclose information to investigate, prevent, or take action in connection with: (i) legal process and legal requests; (ii) enforcement of our Universal Terms of Service; (iii) claims that any content violates the rights of third-parties; (iv) requests for customer service; (v) technical issues; (vi) protecting the rights, property or personal safety of MFPad, its users or the public; (vii) establishing or exercising our legal rights or defending against legal claims; or (viii) as otherwise required by law. This may include responding to lawful governmental requests.  Learn more about how we evaluate and respond to these requests here. 
  • New Ownership. If the ownership or control of all or part of MFPad or a specific Service changes as a result of a merger, acquisition or sale of assets, we may transfer your information to the new owner.

Details for Specific Products and Services

Additional privacy practices for certain MFPad Services are included here.

Residents of GDPR Governed Countries

If you are a resident of a GDPR governed country, more information regarding your GDPR rights may be found here.

Site Security

Our site has security measures in place to protect the loss, misuse and alteration of the information under our control. We use 128-bit SSL security to encrypt any transmissions when you provide credit card information, personal data, etc. No method of electronic storage or transmission over the internet is 100% secure, however. Therefore, we cannot guarantee its absolute security.

Protecting Children’s Privacy

Our Services are for a general audience.  We do not knowingly collect, use, or share information that could reasonably be used to identify children under age 18 without prior parental consent or consistent with applicable law.

Data Processing and Transfers

When you use or interact with any of our Services, you consent to the data processing, sharing, transferring and uses of your information as outlined in this Privacy Policy and the Data Processing Addendum. Regardless of the country where you reside, you acknowledge that you are directly transferring your data to us in our United States based servers and agree to processing within the United States, where MFPad processes its data. In addition, you authorize us to transfer, process, store and use your information in countries other than your own in accordance with this Privacy Policy and to provide you with Services. Some of these countries may not have the same data protection safeguards as the country where you reside. By using our Services, you consent to us transferring information about you to these countries.

Other Important Information

This Privacy Policy Applies Only to MFPad. This Privacy Policy does not apply to the practices of companies that MFPad does not own or control, or to people that MFPad does not employ or manage.  In addition, some third-party products may have different privacy policies and practices that are not subject to this Privacy Policy. These products will be identified in the Details for Specific Products and Services section.

Changes

We may update this Privacy Policy from time to time, so you should check it periodically. If we make changes that are material, we will provide you with appropriate notice before such changes take effect. 

Questions & Suggestions

If you have questions, suggestions or wish to make a complaint, please complete a feedback form or you can contact us at MFPad Support or 4600 E Washington St suite 305, London, England, EC1N 8LE


Registration Data Access Protocol (“RDAP”) Terms of Service Agreement

This Registration Data Access Protocol (“RDAP”) Terms of Service Agreement sets forth the terms and conditions of the use of Our RDAP service. In this Agreement, “You” and “Your” refer to You as the user of the RDAP service, or any agent, employee, or person authorized to act on Your behalf. “We,” “Us,” and “Our” refer to MFPad, Inc., as well as its subsidiaries and affiliated companies (“MFPad”). By using Our RDAP service, You agree to be bound by the RDAP Terms of Service and that your information will be used in accordance with the MFPad Privacy Policy.


DATA PROCESSING ADDENDUM

This Data Processing Addendum (this “Addendum”) is executed by and between MFPad, Inc. and its Affiliates (“MFPad”) and you (“Customer”) and is annexed to and supplements our Universal Terms of Service, Privacy Policyand any and all agreements governing Covered Services (collectively, the “Terms of Service”). Unless otherwise defined in this Addendum, all capitalized terms not defined in this Addendum will have the meanings given to them in the Terms of Service.

Note: If you would like to have a mutually signed copy of this Addendum, please send your request to dpa@mfpad.com and indicate the email address where you would like it sent. You will need to have your MFPad account name when completing the contract.

Appendix 1

DETAILS OF THE PROCESSING


Appendix 2

Security Standards

We are, as always, committed to the protection of our customer’s information. To provide the best level of security, we consider a number of factors such as best practices, cost to execution, details and circumstances of processing, severity and risk of data breach occurrence and its potential impact to a customer. We also regularly test, assess and evaluate the effectiveness of our procedures. Below are technical and organizational standards that we’ve implemented across our core, US based operations to ensure the ongoing confidentiality, integrity, availability and resilience of our processing systems and services. Rest assured, we are continually adding to the ways in which your data is safe with us.

Data Privacy Program

Our Data Privacy Program is established to maintain a global data governance throughout its lifecycle. This program is overseen by our Data Protection Officer.


[See Section 9.2 of the Addendum for applicability of these SCCs]

Appendix 3

Standard Contractual Clauses (processors)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.

The entity identified as “Customer” in the Addendum

(the “data exporter”)

and

MFPad Inc.

(the “data importer”)

each a “party”; together “the parties”,

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Clause 1

Definitions

For the purposes of the Clauses:

  • ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
  • ‘the data exporter’ means the controller who transfers the personal data;
  • ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
  • ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
  • ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
  • ‘technical and organizational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

Third-party beneficiary clause

  1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
  2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
  3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
  4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4

Obligations of the data exporter

The data exporter agrees and warrants:

  • that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
  • that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
  • that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2 to this contract;
  • that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
  • that it will ensure compliance with the security measures;
  • that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
  • to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
  • to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
  • that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
  • that it will ensure compliance with Clause 4(a) to (i).

Clause 5[1]

Obligations of the data importer

The data importer agrees and warrants:

  • to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
  • that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
  • that it has implemented the technical and organizational security measures specified in Appendix 2 before processing the personal data transferred;
  • that it will promptly notify the data exporter about:
    1. any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
    2. any accidental or unauthorized access, and
    3. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
  • to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
  • at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
  • to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
  • that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
  • that the processing services by the subprocessor will be carried out in accordance with Clause 11;
  • to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

Clause 6

Liability

  1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
  2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
  3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

Clause 7

Mediation and jurisdiction

  1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
    • to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
    • to refer the dispute to the courts in the Member State in which the data exporter is established.
  2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities

  1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
  2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
  3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

Clause 9

Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

Subprocessing

  1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.
  2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
  3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
  4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

Clause 12

Obligation after the termination of personal data processing services

  1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
  2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

Exhibit 1 to the Standard Contractual Clauses

Data exporter

The data exporter is the entity identified as “Customer” in the Addendum

Data importer

The data importer is MFPad Inc., a provider hosted services.

Data subjects

The processing operations are defined in Section 1.3 and Appendix 1 of the Addendum.

Categories of data

The processing operations are defined in Section 1.3 and Appendix 1 of the Addendum.

Processing operationsThe processing operations are defined in Section 1.3 and Appendix 1 of the Addendum.

Exhibit 2 to the Standard Contractual Clauses

This Exhibit forms part of the Clauses. By purchasing Covered Services from MFPad, the Addendum and this Exhibit 2 are deemed accepted and executed by and between the parties.

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

The technical and organizational security measures implemented by the data importer are as described in the Addendum, specifically in Appendix 2, which is incorporated and attached to it.


[1] National mandatory requirements applicable to the data importer, as described in Article 13(1) of Directive 95/46/EC, will be defined as consistent with the Standard Contractual Clauses so long as they meet the requirements of this Directive. Examples of eligible mandatory requirements are legislation related to national security, defense, public security, internationally recognized sanctions, tax-reporting requirements and/or anti-money-laundering reporting requirements.


MFPad Universal Terms of Service Agreement

This Universal Terms of Service Agreement (“Agreement”) sets forth the terms and conditions of the use of our systems, software, platforms, APIs, and the use and/or purchase of our products and related services and for the purchase and/or use of any products and services acquired through MFPad from our partners and/or affiliates (collectively “Services”).

In this Agreement “You” and “Your” refer to You as the user of our Services, or any agent, employee, servant or person authorized to act on Your behalf. “We”, “Us” and “Our” refer to MFPad, Inc., as well as its subsidiaries and sister companies (“MFPad”). This Agreement explains Our obligations to You, and explains Your obligations to Us for using Our Services. These obligations are in addition to (not in lieu of) any specific terms and conditions that apply to the particular Services.

When You use Our site, Your account (or You permit someone else to use it) to purchase or otherwise acquire access to Services or to cancel Your Services (even if We were not notified of such authorization), You signify Your agreement to the terms and conditions contained in this Agreement, along with the following policies and the applicable product agreements, which are incorporated by reference herein.

The following general policies apply to all Our Services:

We offer the following Services. Within each category, you will find the additional terms and conditions that apply to particular products and services.

MFPad Legal Department
63-66 Hatton Gardens
Suite 1203
London, England, EC1N 8LE
legal@mfpad.com