Skip to main content
    M

    Legal

    Effective date: March 11, 2026

    1. Privacy Policy

    Specific to Cloud & Hosting Services

    1.1 Data Processing Roles

    Under the GDPR:

    • MOSAIC Media Group LLC acts as Data Controller for data relating to its customers (billing, account information).
    • MOSAIC Media Group LLC acts as Data Processor for data that the Customer uploads to servers, databases, or cloud services provided.

    1.2 Data Collected & Purposes

    In addition to personal identifiers, we collect:

    • Technical Data: IP addresses, server access logs, traffic data (required for security and DDoS prevention).
    • Domain Registration Data: Data required under the WHOIS protocol (managed in compliance with ICANN policies and European privacy regulations).

    1.3 Server Location & Data Transfers

    Our servers may be located in different geographic regions. When an EU citizen's data is hosted on US-based servers, we ensure protection through:

    • Standard Contractual Clauses (SCCs) incorporated in our Data Processing Addendum (DPA).
    • Advanced encryption at rest and in transit.

    1.4 Data Security

    We employ industry-standard security protocols including firewalls, 24/7 monitoring, and redundant backup systems to ensure cloud service availability.

    2. Terms & Conditions of Service

    Specific to Servers & Domain Management

    2.1 Service Delivery

    MOSAIC Media Group LLC commits to providing hosting, cloud, and domain registration services with a 99.9% annual uptime, excluding scheduled maintenance communicated at least 24 hours in advance.

    2.2 Domain Management

    • Domain registration is subject to the rules of the relevant authority (e.g., Registro.it, ICANN).
    • The Customer is solely responsible for timely renewal requests. MOSAIC is not liable for domain loss due to non-payment or delays in Customer communications.

    2.3 Acceptable Use Policy (AUP)

    The following uses of our servers are strictly prohibited:

    • Sending spam or unsolicited bulk email.
    • Hosting illegal content, pirated material (DMCA), or malware.
    • Activities that excessively overload shared cloud resources, compromising other users.

    2.4 Liability & Backups

    • Backups: While MOSAIC performs system-level backups, the Customer is solely responsible for the integrity and backup of their own data and applications uploaded to the cloud.
    • Limitation: MOSAIC is not liable for lost profits or damages resulting from service interruptions caused by third parties (e.g., international internet backbone failures).

    2.5 Right of Withdrawal & Termination

    For “turnkey” digital services (e.g., immediate server activation or domain registration), the Customer acknowledges that the service begins immediately, waiving the 14-day withdrawal right provided for EU consumers, given the personalized and instantaneous nature of the service.

    Data Processing Addendum (DPA)

    Between: MOSAIC Media Group LLC (“Provider”) and the Customer (“Controller”)

    1. Subject & Duration

    This Addendum supplements the Terms of Service and governs the processing of personal data uploaded by the Customer to MOSAIC Media Group LLC's cloud infrastructure or servers. The processing duration coincides with the service contract term.

    2. Roles & Instructions

    • The Customer is the Data Controller and warrants that they have the legal right to process the uploaded data.
    • MOSAIC acts as Data Processor and will process data solely to provide the requested services (hosting, maintenance, backups) and in accordance with the Customer's written instructions.

    3. Technical Security Measures

    MOSAIC implements security measures in compliance with GDPR Art. 32, including:

    • Encryption: Data protected in transit (SSL/TLS) and, where included in the plan, at rest.
    • Resilience: Redundant power systems and fire protection in data centers.
    • Restricted Access: Physical and logical access to servers is limited exclusively to authorized personnel for technical maintenance purposes.
    • Recovery: Disaster recovery procedures to ensure data availability in case of an incident.

    4. Sub-Processors

    The Customer authorizes MOSAIC to engage sub-processors (e.g., data center partners such as AWS, Google Cloud, or Equinix) for infrastructure delivery. MOSAIC imposes on such third parties the same data protection obligations set out in this DPA.

    5. International Transfers (US–EU)

    As MOSAIC is based in the United States, the parties agree that data transfers are governed by the Standard Contractual Clauses (SCCs) adopted by the European Commission, which form an integral part of this agreement, ensuring a level of protection essentially equivalent to that within the EU.

    6. Data Subject Rights & Breach Notification

    • Assistance: MOSAIC will assist the Customer in responding to end-user requests (e.g., data access or deletion).
    • Data Breach: In the event of a security breach resulting in loss or unauthorized access to Customer data, MOSAIC will notify the Customer without undue delay (within 48–72 hours of discovery).

    7. Data Deletion

    Upon contract termination, MOSAIC will delete or return all personal data on its servers within 30 days, unless retention is required by law (e.g., billing records).