Introduction

We are committed to protecting the personal data and privacy of the users of the migadu.com website and the services offered, including, by way of example, email and other communications sent through those services.

Migadu minimizes the requirement of personal data disclosure to the bare essentials necessary for uninterrupted service delivery. Even with such minimal data, we have technical and organizational measures in place to protect your data to the highest possible standards.

Datacenter providers we utilize hold international security certifications of the highest level.

The processing of personal data takes place in compliance with the EU General Data Protection Regulation (GDPR) and the local Swiss Federal Data Protection Act (DPA). This document serves both as our Privacy Policy and as our Data Processing Agreement (DPA), detailing our commitment to data protection and processing standards.

For any questions, including those about privacy, please get in touch.

Name and Address of The Controller

Migadu-Mail GmbH
Rohnen 587
CH-9414 Schachen
Switzerland

contact@migadu.com

Name and Address of The Data Protection Officer

Herr. Michael Bruderer
contact@migadu.com
Migadu-Mail GmbH
Rohnen 587
CH-9414 Schachen
Switzerland

contact@migadu.com

Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.

Personal Data

All personal data is kept securely by us and is protected from unauthorized access.

Data We Collect

To use our services and enter into a contractual relationship, we collect:

• Preexisting confirmed email address (required as inventory data).
• Organization name (optional).

Once an account has been provisioned, you may optionally provide:

• Full name.
• Postal address.
• Additional email address(es).
• Organization/company name.
• VAT number.

This additional data is only used to facilitate billing and administration and is subject to strict privacy protection.

We never disclose this data to third parties except for payment data handled by Stripe and PayPal (see below).

Processing Activities

We process personal data for the following purposes:

• Provision of email and related communication services.
• Maintaining email server operations and diagnosing errors.
• Preventing abuse and ensuring service security.
• Fulfilling legal obligations, including tax and accounting compliance.

This processing is conducted based on the following legal grounds:

• Consent provided during sign-up (Art. 6 DSGVO 1. a)).
• Legitimate interests pursued by the controller (Art. 6 DSGVO 1. f)).

Data Processors and Sub-Processors

For payment transactions, personal data is directly sent to our payment processors Stripe and PayPal, including transfers to the USA. We have agreements in place to ensure GDPR compliance and data protection. These agreements are available here:

• Stripe
• PayPal

Our sub-processors are bound to process data solely for the purposes defined by us and in compliance with GDPR.

Technical and Organizational Measures

We implement reasonable and appropriate physical, electronic, and administrative safeguards to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. This includes:

• Secure data centers.
• Encrypted transmission of data.
• Access controls and monitoring.

Data Subject Rights

You have the following rights under GDPR:

• Access: Request a copy of your data.
• Rectification: Request corrections to your data.
• Erasure: Request deletion of your data.
• Restriction: Restrict the processing of your data.
• Portability: Export your data in a portable format.
• Objection: Object to data processing based on legitimate interests.

Requests can be made through your Migadu account. We may require additional verification to confirm account ownership.

Data Breach Notification

In the event of a data breach, we will notify affected data controllers without undue delay and provide all relevant details to mitigate potential harm.

Return or Deletion of Data

Upon termination of the contract, personal data will be deleted within 30 days unless:

• Legal obligations require retention (e.g., tax records).
• Specific reasons, such as handling complaints, require extended storage.

Content data can be deleted by the user at any time through the Migadu interface.

Audit and Monitoring

We ensure compliance with GDPR through regular audits of our data protection practices. Data controllers may request an audit or evidence of compliance upon reasonable notice.

Data Storage Period

Personal data is stored only as long as necessary to fulfill the purposes outlined in this policy or as required by law. Billing data is retained in accordance with tax and commercial law retention periods.

Cookies

We use cookies only to establish working sessions on our website and webmail. No tracking or analytics cookies are employed.

Analytics Data

We do not collect data for user behavior analytics or integrate any website analytics.

Contact From Our Web Page

When contacting us via email, personal data is voluntarily transferred to us and used solely to address your inquiry. This data is not disclosed to third parties.

By using our services, you agree to this Privacy Policy and Data Processing Agreement. For questions, please contact contact@migadu.com .