MailFred Logo

    Privacy Policy – MailFred

    Last Updated: 31 July 2025

    1. Introduction

    Welcome to MailFred. This Privacy Policy explains how MailFred, operated by Modern Business Workers V.O.F. ("we," "us," or "our"), collects, uses, shares, and protects personal data. We are committed to protecting your privacy and handling your data in an open and transparent manner.

    This policy applies to data we process for our own purposes, such as from our website visitors and our direct clients. For information on how we process data on behalf of our clients as part of our service, please see our Data Processing Agreement (DPA).

    2. Data We Collect and How We Use It

    We collect personal data in the following ways:

    When you visit our website (mailfred.com):

    Analytics and Tracking Data:

    We use tools like Google Analytics and HubSpot to understand how visitors interact with our website. This may include your IP address, browser type, device information, pages visited, and time spent on our site. We use this information to improve our website and marketing efforts.

    Contact and Meeting Forms:

    When you fill out a contact form or book a meeting through our HubSpot link, we collect information you provide, such as your name, email address, phone number, and company name. We use this to respond to your inquiry, schedule meetings, and communicate with you.

    Opt-in Forms:

    If you subscribe to our newsletter or other content, we collect your email address and name to send you the requested information and marketing communications.

    When you become our Client:

    Account and Billing Information:

    We collect your business contact details, billing address, and payment information (processed securely by Stripe) to provide our services, manage your account, and process payments as per our Terms of Service.

    For our own Sales and Marketing:

    Prospect Information:

    We may process contact information (such as name, company, job title, and business email address) from publicly available sources for our B2B marketing and outreach activities.

    3. Our Legal Basis for Processing Data

    Under GDPR, we process your data based on the following legal grounds:

    Performance of a Contract:

    When you become a client, we process your data to fulfill our contractual obligations under our Terms of Service.

    Consent:

    When you opt-in to our newsletter or provide your details through a form for a specific purpose, we process your data based on your explicit consent. You can withdraw this consent at any time. We also rely on consent for the use of non-essential cookies and tracking technologies.

    Legitimate Interest:

    We process website analytics data and B2B marketing data from public sources based on our legitimate interest to improve our service, grow our business, and communicate with potential business customers who may be interested in our services.

    4. Cookies and Tracking Technologies

    We use cookies and similar technologies on our website. This includes:

    • Essential Cookies: These are necessary for the website to function properly.
    • Analytics & Performance Cookies: Used by Google Analytics and HubSpot to help us analyze website traffic and performance.
    • Marketing Cookies: Used by HubSpot to track your interactions with our site and marketing materials to provide a more personalized experience.

    You can control cookies through your browser settings and through the cookie consent banner on our website.

    5. How We Share and Disclose Data

    We do not sell your personal data. We may share your data with trusted third-party service providers (subprocessors) who help us operate our business. We have agreements in place with these providers to ensure they protect your data.

    Subprocessor List:

    OpenAI, L.L.C.

    Purpose: AI Content Generation for Outreach
    Country of Processing: USA

    Google, LLC

    Purpose: Workspace for Email & Calendar Infrastructure
    Country of Processing: USA / Global

    Stripe, Inc.

    Purpose: Payment Processing & Billing
    Country of Processing: USA / Global

    Supabase, Inc.

    Purpose: Backend Database & Infrastructure
    Country of Processing: EU-hosted (Germany)

    HubSpot, Inc.

    Purpose: CRM, Scheduling, Marketing Automation
    Country of Processing: USA / Global

    We may also disclose data if required by law.

    6. Data Security

    We implement appropriate technical and organizational measures to protect the personal data we hold. These measures include:

    • Encryption: Data is encrypted at rest and in transit.
    • Access Controls: Access to personal data is strictly limited to personnel who require it to perform their jobs. We enforce strong access policies, including two-factor authentication (2FA) and role-based access.
    • Personnel Security: We have strict offboarding procedures to revoke access when an employee leaves. Our team is instructed on their data protection responsibilities, and we enforce strict password policies, including regular forced resets.
    • Physical Security: Our physical premises are secured against unauthorized access.

    7. Data Retention

    We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, to maintain our business relationship with you, or to comply with legal, tax, or accounting obligations.

    8. International Data Transfers

    Some of our subprocessors are based outside the European Economic Area (EEA). When we transfer data to these countries (such as the United States), we ensure it is protected through legally recognized mechanisms, such as the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs).

    9. Your Data Protection Rights

    Under GDPR, you have the following rights regarding your personal data:

    • Right to Access: You can request a copy of the data we hold about you.
    • Right to Rectification: You can ask us to correct any inaccurate or incomplete data.
    • Right to Erasure ("Right to be Forgotten"): You can request that we delete your data in certain circumstances.
    • Right to Restrict Processing: You can ask us to limit the processing of your data.
    • Right to Data Portability: You can request to receive your data in a structured, machine-readable format.
    • Right to Object: You can object to us processing your data for direct marketing or on the basis of legitimate interest.
    • Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority (in the Netherlands, this is the Autoriteit Persoonsgegevens).

    To exercise any of these rights, please contact us at privacy@mailfred.io.

    10. Changes to This Policy

    We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page indicates when it was last revised. We encourage you to review it periodically.

    11. Contact Us

    If you have any questions about this Privacy Policy or our data practices, please contact us at:

    Email: info@mbworkers.com
    Company: Modern Business Workers V.O.F.