We are very pleased about your interest in our company. Data protection is of high priority for Melissa Data GmbH. Therefore, we would like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes they are used.
Since changes in the law or changes in our internal company processes may make it necessary to adapt this data protection declaration, we ask you to read this data protection declaration regularly. The data protection declaration can be accessed, saved and printed out at any time under https://www.melissa.com/de/privacy-policy.
1. Responsible person and scope of application
The party responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other regulations of a data protection nature is:
Melissa Data GmbH
Tel.: +49 (0)221 97 58 92 40
Represented by: Managing Director Cagdas Gandar
This data protection declaration applies to the Internet offer of Melissa Data GmbH, which can be accessed under the domain https://www.melissa.com/de/ as well as the various sub-domains (hereinafter referred to as "our website").
2. Data protection officer
The external data protection officer of the responsible person is:
Attorney at law Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Tel.: +49 (0)221 – 222 183 – 0
Melissa Data GmbH's data protection declaration is based on the terms used by the European legislator when the general data protection regulation (GDPR) was issued. Our data protection declaration should be easy to read and understandable for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the responsible person.
c) Data processing
Processing is any operation or set of operations, performed with or without the aid of automated means, concerning personal data, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting your future processing.
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, residence or change of location of that natural person.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.
g) Data controller or responsible person
Data controller or responsible person is the natural or legal person, public authority, agency or any other body, which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or by the law of the Member States, the controller or the specific criteria for its designation may be provided for by Union law or by the law of the Member States.
h) Data Processor
Data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the course of a specific investigation mandate under Union or national law shall not be considered as recipients.
j) Third party
A third party is a natural or legal person, public authority, agency or other body than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.
Consent is any freely given, informed and unequivocal expression of the data subject's will in a specific case, in the form of a statement or other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.
4. Data processing
a) Informational use of the website
Melissa Data GmbH's website collects a range of general data and information every time a data subject or automated system accesses the website. This general data and information are stored in the server's log files. The following can be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information which serve to prevent danger in the event of attacks on our information technology systems.
Melissa Data GmbH will not draw any conclusions about the person concerned when using this general data and information. Rather, this information is required (1) to deliver the contents of our website correctly, (2) to optimise the contents of our website and the advertising for it, (3) to ensure the permanent operability of our information technology systems and the technology of our website, and (4) to provide law enforcement agencies with the information necessary for prosecution in the event of a cyber-attack. This anonymously collected data and information is therefore evaluated by Melissa Data GmbH, both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.
Art. 6 (1) f) GDPR serves as the legal basis for the aforementioned data processing. The processing of the aforementioned data is necessary for the provision of a website and thus serves to protect a legitimate interest of our company.
b) Registration process
On our website we offer users the possibility to register for an account by providing personal data. An account provides the user with an overview of his orders and allows him to manage his contact information. The data is entered into an input mask. The data will not be passed on to third parties. We process your first name, last name, e-mail address and your industry. Furthermore, you can voluntarily enter your telephone number, your company and country. It is your free decision whether you provide us with these data. However, without this information we are unable to provide our service or cannot provide it at least completely.
With your data, we will create an individual user account for you, with which you can use certain contents and services such as access to the trial version of the Web Service or access to the live account of the Web Service. We process your e-mail address in the course of this process so that we can send you new access data in case you forget it.
As soon as the registration on our website is cancelled or modified, your data will be deleted. Further storage can be made in individual cases, if this is required by law.
The data processing described above for the purpose of registration and use of the web store is carried out in accordance with Art. 6 (1) b) GDPR.
On the Melissa Data GmbH’s website, users are given the opportunity to subscribe to one or more of our company's newsletter(s). In order to subscribe to our e-mail newsletter, we require your consent and at least your e-mail address, to whom the newsletter should be sent, and possibly your name.
Melissa Data GmbH informs its customers and business partners at regular intervals by means of a newsletter about offers from the company. Our company's newsletter can only be received by the person concerned if (1) the person concerned has a valid e-mail address and (2) the person concerned registers to receive the newsletter.
When registering for the newsletter, we also save the IP address assigned by the Internet service provider (ISP) of the computer system used by the person concerned at the time of registration as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of a data subject's e-mail address at a later date and therefore serves to provide legal protection for the data controller.
Furthermore, we save your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. The data will not be passed on to third parties. Your data will be stored until you have revoked this consent. You have the right to revoke your consent to this data processing, which is based on Art. 6 (1) a) GDPR, at any time and without giving reasons. In this case we will no longer process your personal data. You can revoke your consent by e-mail to firstname.lastname@example.org or by post to Melissa Data GmbH, Caecilienstr. 42-44, 50667 Cologne, Germany. Each e-mail also contains an unsubscribe link, which will be treated as a cancellation upon confirmation.
d) Contact possibility via the chat function
On our website you have the possibility to send us inquiries via our chat function. In doing so, we process your name and your e-mail address. You can also enter your individual message in the message field. You are free to decide whether you wish to provide us with this data. However, without this information, we will not be able to fulfil your contact request, or at least, not completely. When using the contact form, your personal data will not be passed on to third parties.
The data processing described above for the purpose of establishing and processing contacts is carried out in accordance with Art. 6 (1) b) f) GDPR.
e) Contact request via the website
On our website you have the possibility to send inquiries to e.g. the technical support using our contact form. We will process your first and last name and your e-mail address. You can also enter your individual question/comment in the message field and give us your telephone number on an optional basis. It is up to you whether you want to give us this data. However, without this information we will not be able to fulfil your contact request, or at least, not completely. When using the contact form, your personal data will not be passed on to third parties.
The data processing described above for the purpose of establishing and processing contacts is carried out in accordance with Art. 6 (1) b) or f) GDPR.
f) Comment function on the blog
Melissa Data GmbH offers users the opportunity to leave individual comments on individual blog posts on a blog located on the website of the data controller. A blog is a portal on a website, usually open to the public, where one or more people, called bloggers or web bloggers, can post articles or write down thoughts in so-called blog posts. The blog posts can usually be commented by third parties.
If a person concerned leaves a comment in the blog published on this website, in addition to the comments left by the person concerned, information on the time of the comment as well as the user name (pseudonym), chosen by the person concerned, will be stored and published. Furthermore, the IP address assigned to the person concerned by the Internet Service Provider (ISP) is also logged. This storage of the IP address ensues for security reasons and in the event that the person concerned violates the rights of third parties or posts illegal content through a comment submitted. Therefore, the storage of this personal data is in the own interest of the person responsible for the processing, so that he/she could be exculpated in case of a violation of the law. The personal data collected will not be passed on to third parties, unless such a transfer is required by law or serves the legal defense of the person responsible for processing.
g) Product test request
On our website you can request trial versions of our products. We process your first and last name and your business e-mail address. Furthermore, you can voluntarily enter your telephone number and company. It is your free decision whether you provide us with this data. However, without this information we will not be able to fulfil your product test request, or at least, not completely.
Your data will be deleted after complete processing of your product request. A further storage can take place in individual cases, if this is legally required.
The data processing described above for the purpose of processing your product test request is carried out in accordance with Art. 6 (1) b) GDPR.
h) Information request
On our website you can request further information about our products. For this purpose we process your first and last name and your business e-mail address. Furthermore, you can voluntarily enter your telephone number and company. It is your free decision whether you provide us with this data. However, without this information we will not be able to fulfil your request for information, or at least, not completely.
Your data will be deleted after your request for information has been completely processed. Further storage can be made in individual cases if this is required by law.
The data processing described above for the purpose of processing your request for information is carried out in accordance with Art. 6 (1) b) GDPR.
i) Consultation appointment request
On our website you have the possibility to request a consultation appointment. We process your first and last name and your business e-mail address. Furthermore, you can voluntarily enter your telephone number and company. It is your free decision whether you provide us with this data. However, without this information we will not be able to fulfil your request for a consultation appointment, or at least, not completely.
Your data will be deleted after complete processing of your appointment request. Further storage can be made in individual cases, if this is required by law.
The data processing described above for the purpose of processing your appointment request is carried out in accordance with Art. 6 (1) b) GDPR.
j) White Paper
To request one of our white papers with information related to our products, we need your first and last name and your business email address. You can also voluntarily enter your phone number and your company information.
The white paper can be downloaded automatically after submitting the contact details. The email address can be used to contact you for further questions and interest.
In addition, we save your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. The data will not be passed on to third parties. Your data will be stored until you have revoked this consent. You have the right to revoke your consent to this data processing, which is based on Art. 6 (1) a) GDPR, at any time and without giving reasons. In this case we will no longer process your personal data. You can revoke your consent by sending an e-mail to email@example.com or by post to Melissa Data GmbH, Caecilienstr. 42-44, 50667 Cologne, Germany. Each e-mail also contains an unsubscribe link which will be considered a revocation upon confirmation.
To participate in one or more of our webinars, we need your first and last name and your business email address. You can also voluntarily provide your telephone number and your company. In the case of cooperation with other companies and/or partners, it may be possible that the registration process takes place via their website. We have no influence whatsoever on the input of the information required there.
If you participate in a webinar, your e-mail address will be used for the one-time participation link, after which your data will be deleted.
The data processing described above for the purpose of conducting a webinar is carried out in accordance with Art. 6 (1) b) GDPR.
l) Application Management
On our website you have the possibility to apply for a job at firstname.lastname@example.org by entering your data. The provision of this data is voluntary, but without this information we may not be able to consider your application. Your data will not be passed on to third parties. The collection of this data serves the sole purpose of processing your application documents for the application process. We will keep your data for 6 months after the end of the application process (acceptance or rejection).
The data processing described above for the purpose of processing the application is carried out in accordance with art. 6 (1) a), Art. 9 (2) a) GDPR.
- we are legally obligated to do so by official or court order,
- we are entitled to do so, e.g. because this is necessary for the prosecution of criminal offences or to exercise and enforce our rights or,
- if you have given your prior consent.
a) Right of access to information
You have the right to request information from us at any time about the data we have stored about you, as well as about its origin, recipients or categories of recipients to whom the data is passed on and the purpose of the storage.
b) Right of withdrawal
If you have given your consent to the use of data, you can revoke it at any time without giving reasons with effect for the future. To do so, simply send an e-mail to email@example.com or a written notification to Melissa Data GmbH, Cäcilienstr. 42-44, 50667 Cologne, Germany.
c) Right of rectification
You can demand the correction of incorrect data or the completion of your data stored with us.
d) Right of deletion and blocking
You have the right to block and delete your personal data stored by us. Should the deletion contradict legal storage obligations or other legally established reasons, only the blocking of your data can be carried out instead of the deletion.
e) Data portability
Should you request the return of the personal data you have provided us with, we will, if you so wish, provide or transmit the data to you or another responsible party in a structured, common and machine-readable format. The latter, however, only if this is technically possible.
f) Right of objection
You have the right to object to the processing of personal data concerning you at any time, for reasons arising from your particular situation, within the framework of the requirements of Art. 21 GDPR, provided that the data processing is carried out on the basis of our legitimate interests in accordance with Art. 6 (1) f) GDPR.
g) Contact for the assertion of the rights of the persons concerned
When you contact us, by e-mail to firstname.lastname@example.org or by post to Melissa Data GmbH, Caecilienstr. 42-44, 50667 Cologne, Germany, the data you provide (your e-mail address, your name and your telephone number, if applicable) will be stored by us in order to answer your questions or respond to your request. We delete the data collected in this context after the storage is no longer necessary or restrict the processing if there is a legal obligation to retain the data.
h) Right of appeal to the supervisory authority
You have the right to appeal to the competent supervisory authority against the processing of your personal data if you feel that your rights under the GDPR have been violated.
i) Automated decision making / profiling
We do not use automated decision making or profiling (an automated analysis of your personal circumstances).
5. Transfer of your personal data to third parties
Your personal data will not be transmitted. Your personal data will only be passed on or otherwise transmitted to third parties if
7. Storage duration
Your personal data will be deleted as soon as the respective purpose for processing has been achieved or subsequently ceases to apply, unless there are further legal obligations to process the data.
In addition, such personal data is stored which is necessary for the assertion, exercise or defense of legal claims. This data is deleted at the latest when the statute of limitations comes into effect (usually 3 years).
8. Security measures to protect the data stored with us
We are committed to protecting your privacy and treating your personal data confidentially. In order to prevent loss or misuse of the data stored with us, we take extensive technical and organisational security precautions, which are regularly reviewed and adapted to technological progress. We would like to point out, however, that due to the structure of the Internet it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions that are not within our area of responsibility. In particular, data disclosed in unencrypted form - even if it is sent by e-mail - can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him/her against misuse by means of encryption or in any other way.
On our website, there are so-called hyperlinks to other websites. When these hyperlinks are activated, you will be redirected from our website directly to the websites of other providers. You can recognise this by the change of the URL, among other things. We cannot take responsibility for the confidential handling of your data on other websites. Please inform yourself about the handling of your personal data on other websites directly on the respective websites.
10. External service providers
We use service providers to provide services and to process your data around our services. The service providers process the data exclusively in accordance with our instructions and have been obliged to comply with the applicable data protection regulations. All service providers have been carefully selected and are only granted access to your data to the extent and for the period of time required to provide the services or to the extent to which you have consented to the processing and use of your data.
Service providers in countries such as the United States of America or in countries outside the European Union and the European Economic Area are subject to a data protection regime that generally does not protect personal data to the same extent as is the case in the member states of the European Union. If your data is processed in a country that does not have a recognised high level of data protection such as the European Union, we will use contractual arrangements or other recognised instruments to ensure that your personal data is adequately protected.
11. Rights of data subjects
Status: October 2020