Updated November 2023
Adherence to Data Privacy Framework Principles
Right to Access, Amend or Delete Personal Information (Your rights under GDPR)
Inquiries and Dispute Resolution
United States Regulatory Agencies
Third Parties and Onward Transfers
Under the EU’s General Data Protection Regulation (GDPR), individual data subjects in the European Union have the right to know what personal data about them is stored in Melissa databases and to ensure that such personal data is accurate and relevant for the purposes for which Melissa collected it. Individual Customers may review their own personal data stored in the databases and correct, erase, or block any data that is incorrect, as permitted by applicable law and Melissa policies. Upon reasonable request and as required by the DPF Principles, Melissa allows individual Customers access to their personal data, in order to correct or amend such data where inaccurate. Individual Customers may edit their Personal Data by logging into their account profile or by contacting Melissa Technical Support by email or phone at: ConsumerRequest@melissa.com or +1-800-635-4772(MELISSA) option 4. In making modifications to their personal data, individual data subjects must provide only truthful, complete, and accurate information. To request complete erasure of personal data, individual data subjects are required to submit a written request. Melissa will endeavor to respond in a timely manner to all reasonable written requests to view, correct, amend, or delete all personal data of data subjects.
Melissa will offer EU individuals whose personal information has been transferred to us the opportunity to choose whether the personal information it has received is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by contacting us at ConsumerRequest@melissa.com
The EU-U.S Data Privacy Framework is set forth by the US Department of Commerce. The United States Federal Trade Commission (FTC) has jurisdiction over Melissa’s compliance with the DPF Principles.
Melissa may provide personal data to third parties that act as agents or subcontractors to perform tasks on behalf of and under specific instructions. Such third parties must agree to use personal data only for the purposes for which they have been engaged by Melissa and must contractually agree, through European Commission model clauses and/or similar agreements, to comply with the DPF Principles or another mechanism permitted by the applicable EU data protection law(s) for transfers and processing of personal data. Melissa also may disclose personal data for other purposes or to other third parties when an individual data subject has consented to or requested such disclosure.
In addition, Melissa may be required to disclose an individual data subject’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. As part of EU-US Data Privacy Framework and its commitments under European Commission model clauses agreements, Melissa retains its liability and responsibility for appropriate onward transfers of personal data to third parties.