GDPR and Privacy policy

Please CLICK HERE if you have arrived at this page and would like to pay for a package received in the post.

Privacy Policy

MFPA is committed to processing personal information about its customers in ways that comply with its legal and regulatory obligations, and to being clear with customers about what it does with their personal information.

This Policy explains how we use any personal information we may collect about you when you use our website or when you use or are a recipient of our services.

We are also a Data Controller, registered with the Information Commissioner’s Office, Registration Number ZA252775.

Your personal information (such as your name and contact details, known as ‘personal data’) is protected by specific legislation:

  • 25 May 2018 onwards: General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
  • Privacy and Electronic Communications (EC Directive) 2003

Personal information MFPA may collect about you

MFPA may collect personal information which we receive when:

  • you use our website;
  • you use our services;
  • you contact us; or
  • you are a recipient of our services.

This may include information:

a) which you provide where you

  • complete one of our forms or receipts;
  • contract with us;
  • enter information on our MFPA website;
  • contact MFPA  directly in writing or by phone or which is recorded on mail or parcels sent to you by MFPA .

b) We may collect the following types of information:

  • your name, address, email address, telephone number(s) and other contact details;
  • information required to provide you with a service, and details of our services that you have used;
  • your company’s name, your position in the company; the company’s address, company’s email address and telephone number;
  • information collected through your use of MFPA  websites. Please see the Cookies Policy on each of websites for more information;
  • details of any enquiry or complaint you make to MFPA ;
  • information about the mail or parcels sent to you by MFPA; or
  • your information when signing for receipt of a parcel or letter.

Why MFPA collects personal information – NEVER FOR THIRD PARTIES

MFPA collects your personal information to:

  • provide you with products and services that you may request from us but NEVER FOR THIRD PARTIES;
  • provide other customers with products and services;
  • enhance or improve customers' experience of our products and services and our websites;
  • improve and develop its services;
  • protect security e.g. to check your identity when you use our services;
  • develop and provide products and services, on its own and with third parties, for the purposes of identity verification and fraud prevention. Such products may be used to prevent and detect fraud against you, MFPA  and/or third parties; or
  • meet its legal and regulatory obligations.

How MFPA collects personal information

MFPA collects personal information:

  • directly from customers: e.g. when a customer signs up to receive our services or registers on a MFPA website or by post or phone;
  • from third parties e.g. when we acquire third party marketing lists or information from the electoral roll or regulated vendors; or
  • when products or services are provided together with a business partner and the information is collected by the business partner in order for MFPA  to provide you with the product or service.

Who sees the personal information MFPA holds

Customers’ personal information may be provided:

  • for the purpose or sending our packs only, to direct mailing houses and the Royal Mail Group; or
  • where services are provided together with a business partner and it is necessary to disclose the information to them in order to provide the services;
  • for the prevention of fraud against MFPA , third parties and customers;
  • for the purposes of identity verification;
  • to prevent money laundering;
  • where products and services are provided to third parties by MFPA  e.g. for the purposes of identity verification and fraud prevention, and it is necessary to disclose information to them in order to provide the service;
  • Other third parties (including the police, law enforcement agencies, credit reference and fraud prevention agencies and other bodies) to protect our or another person’s rights, property, or safety e.g.;
  • to exchange information to protect against fraud and to reduce payment risks; or
  • in connection with the prevention and detection of crime.

Disclosure of personal information required by law

MFPA may be required to disclose certain personal information because it is required by law or for the purposes of legal proceedings.

Fraud prevention

If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies.

Law enforcement agencies may access and use this information.

We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.

Please see below for details of how to contact us if you wish to access your personal information or details of relevant fraud prevention agencies.

Transfers of personal information outside of UK

MFPA may need to transfer personal information about customers to third parties located outside the UK. If we do, we will ensure that information is protected to a level which meets the requirements of UK law.

Your rights

In accordance with Article 77 of the General Data Protection Regulation, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the General Data Protection Regulation.

For the purposes of the UK, the supervisory authority is the Information Commissioner’s Office (ICO).

Sensitive personal information

We do not knowingly or intentionally collect sensitive personal information from individuals, and you must not submit sensitive personal information to us.

If, however, you inadvertently or intentionally transmit sensitive personal information to us, you will be considered to have explicitly consented to us processing that sensitive personal information under Article 9(2)(a) of the General Data Protection Regulation. We will use and process your sensitive personal information for the purposes of deleting it.

Keeping personal information safe and secure

MFPA is committed to keeping customers’ personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost.

We take appropriate technical and organisational measures to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction, including:

  • only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;
  • using secure servers to store your information;
  • verifying the identity of any individual who requests access to information prior to granting them access to information;
  • once we have updated payment data we destroy personal data effectively.

Transmission of information by email

Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk.

We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.

Transfers of your information outside the European Economic Area

Your information may be transferred and stored outside the European Economic Area (EEA) in the circumstances set out below.

We will also transfer your information outside the EEA or to an international organisation in the unlikely event that we are required to comply with legal obligations to which we are subject (compliance with a court order, for example). Where we are required to do so, we will ensure appropriate safeguards and protections are in place.

How long we store personal information

MFPA will only retain customers’ personal information for as long as it needs it to carry out a particular purpose or meet a particular obligation.

Criteria for retention

We will retain your information for no longer than necessary, taking into account the following:

  • the purpose(s) and use of your information both now and in the future (such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract with you or to contact you in the future);
  • whether we have any legal obligation to continue to process your information (such as any record-keeping obligations imposed by relevant law or regulation);
  • whether we have any legal basis to continue to process your information (such as your consent);
  • how valuable your information is (both now and in the future);
  • any relevant agreed industry practices on how long information should be retained;
  • the levels of risk, cost and liability involved with us continuing to hold the information;
  • how hard it is to ensure that the information can be kept up to date and accurate; and
  • any relevant surrounding circumstances (such as the nature and status of our relationship with you).

Specific retention periods:

Order information: when you place an order for goods and services, we may retain that information for a minimum period of six years following the end of the financial year in which you placed your order, in accordance with our legal obligation to keep records for tax purposes under paragraph 6, Schedule 11 of the Value Added Tax Act 1994.

Correspondence and enquiries: when you make an enquiry or contact us by email or via our contact form, we will retain your information for as long as it takes to respond to and resolve your enquiry, and for 6 further month(s), after which point we will delete your information.

Mailing list: we retain the information you used to sign up for our newsletter or mailings for as long as you remain subscribed (i.e. you do not unsubscribe or no longer wish to pay) or if we decide to cancel our newsletter or mailing service, whichever occurs first.

Keeping personal information accurate

MFPA will ensure that personal information is kept accurate and up to date as far as is reasonably possible. However, MFPA relies on customers to ensure that some of the information it holds about them is accurate and up-to-date. We encourage customers to inform MFPA of any changes to their information (e.g. by emailing or calling our office).

Access to personal information

MFPA provides customers with access to their personal information and the opportunity to amend and update their details or preferences (including consent to receive marketing communications) in order to keep the information up-to-date and accurate.    

Right to opt-out and unsubscribe

In accordance with the GDPR, and in accordance with fair business practices, we have and continue always to offer customers to unsubscribe from further mailings at any time. Please see ‘How to contact us’ for more details.

Requesting personal information

  • You can request details of personal information MFPA holds about you by contacting our office. See ‘How to contact us’.
  • Requests must be made in writing and we will reply to you within 2 months of receipt of application. During our Christmas and Spring campaigns we are overwhelmed with requests so we ask for your patience for up to 2 months. Proof of identification is required in order to protect your information. We also require sufficient details to be able locate your information. An optional application form may be provided to assist us in locating the information you require.


Marketing preferences

A customer may allow MFPA to provide them with information about products and services that MFPA, or third parties MFPA has selected, which may be of interest to them. MFPA will only do this where a customer has agreed to receive such information. You agree to receive marketing information:

  • from MFPA  about our products and services by choosing not to opt-out on your registration form for a MFPA  website or service.
  • from MFPA  about its similar products and services where you provide your details in the course of purchase or negotiations for the purchase of a product or service.
  • from third parties about their products and services by choosing to opt-in on your registration form for a MFPA  website or service.

The marketing channels used may will only ever be mail.

Changing your marketing preferences

You can change marketing preferences at any time by contacting our offce.

You can request changes to other marketing consents provided to MFPA by writing to our office (see ‘How to contact us’). 

Changes to our privacy policy

We will keep our privacy policy under regular review and will place any updates on this webpage. This privacy policy was last updated April 2018.

Web server log information

We use a third-party server to host our website. Our website server automatically logs the IP address you use to access our website as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to our website (e.g. the website or URL (link) which referred you to our website), and your browser version and operating system.

Our server is located in the United Kingdom.

Use of website server log information for IT security purposes

Our third party hosting provider stores server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks and other cyber attacks, by detecting unusual or suspicious activity.

Unless we are investigating suspicious or potential criminal activity, we do not make, nor do we allow our website server provider to make any attempt to identify you from the information collected via server logs.

Legal basis for processing: compliance with a legal obligation to which we are subject (Article 6(1)(c) of the General Data Protection Regulation).

Legal obligation: we have a legal obligation to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of our processing of information about individuals. Recording access to our website using server log files is such a measure.

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: we have a legitimate interest in using your information for the purposes of ensuring network and information security.


The copyright in this Privacy Policy and website is either owned by, or licensed to, us and is protected by copyright laws around the world and copyright protection software. All intellectual property rights in this document are reserved.

How to contact us

Customers with queries or complaints relating to products or services provided by MFPA can contact MFPA Customer Services for assistance:

For requests, complaints or queries relating to the use of your personal information please contact our office. To contact the team please write to:

9 Inverness Place
London W2 3JG

Email: [email protected]
Telephone: 0207 229 4491


Join our mailing lists

If you would like to be put on our mailing list to receive our greeting cards, calendars and other products then please fill in the form here.