Melissa Privacy Policy
Approach to Privacy
Melissa Corporation considers itself a steward of the information it collects, maintains and utilizes. Our responsibility is to ensure the security of the information in our care and to maintain the privacy of consumers through appropriate, responsible use.
Our information policies define how information may be used. These policies vary to meet the legal requirements and consumer expectations in the area in which the information product or service is being used. Our approach to privacy acknowledges there are changing needs and expectations and provides the flexibility so that Melissa can implement new processes and policies to resolve information issues in this dynamic environment.
This policy sets out our responsibilities under The General Data Protection Regulation 2016 (‘GDPR’) and other applicable laws relating to the processing and security of personal information.
Accountability for Information Use
Melissa is held accountable for its information use by consumer privacy expectations and by laws and industry codes established by government entities and industry organizations around the world. The security of your data is important to Melissa Data. We have a 30+ year history of establishing and refining our controls to secure client data in an ever-changing and increasingly connected world. Among the laws and industry self-regulatory codes which Melissa complies in the United States are:
Service Organization Control (SOC)
Melissa undergoes company-wide SOC 2 Type II audits on an annual basis to have its processes, procedures, and controls formerly evaluated and tested by an independent accounting and auditing firm, SSAE 16 Professionals, LLP. SOC 2 Type II is the corporate industry’s standard for an overall control structure and affirms our long-standing commitment to strong controls and safeguards for handling and processing your data.
Health Insurance Portability & Accountability Act (HIPAA)
Melissa has achieved compliance with all data security standards outlined in the Health Insurance Portability & Accountability Act (HIPAA). Healthcare providers, financial institutions, government agencies, and third party data vendors who handle their data, are required to meet the most stringent data security guidelines by law. The evaluation of compliance was performed by SSAE 16 Professionals, LLP to measure the strict controls Melissa has in place to keep customer information private and secure.
CAN-SPAM Act Direct Marketing Association’s Ethical Business PracticesCalifornia Consumer Privacy Act Notice
The California Consumer Privacy Act (“CCPA”) takes effect on January 1, 2020. It provisions that a resident of California (“consumer”) has certain rights to their personal information. “Personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include publicly available information, which is information lawfully made available from federal, state, or local government records. See further: CA CIV CODE 1798.140, subsections (g) and (o).
The consumer rights provisioned by CCPA are broadly known as the following:
Right to Know
A consumer has the right to request that a business that collects a consumer’s personal information disclose to that consumer the categories and specific pieces of information the business has collected about that consumer, the categories of sources from which such information was collected, and the categories of third parties with whom the business shares personal information. A consumer can exercise their right to know twice in a 12-month period. The request is also limited to the previous 12 months prior to the request. See further: CA CIV CODE 1798.100, 110, 115,
130
Right to Opt-Out of Sale of Personal Information
A consumer has the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information. See further: CA CIV CODE 1798.120, 135
Right to Delete
A consumer has the right to request that a business delete any personal information about the consumer which the business has collected from the consumer. However, a business or service provider is not required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the consumer’s personal information in order to:
- Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity;
- To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business;
- Comply with a legal obligation;
- Or a number of other enumerated exceptions.
See further: CA CIV CODE 1798.105
Melissa products and services rely on data collected from a range of third-party data providers, including both government and private sources, which may include a consumer’s personal information. Under the CCPA, a resident of California may submit a verifiable consumer request to exercise the three rights above. If you are a resident of California (as defined in CA CCR 17014) and would like to submit a verifiable consumer request to Melissa, follow the link below to an online submission form, or email Melissa Technical Support Team at CCPArequest@melissa.com or call 1 800 800 6245 x 4.
Submit a Verifiable Consumer Request
In order to prevent improper or potentially fraudulent requests under CCPA, a business must only respond to verifiable consumer requests only from that consumer. Such requests must only come directly from the consumer themselves or their agent that is authorized in writing, such as a power of attorney, and must include documented proof of the consumer’s identity (and agent’s identity, if applicable). See further: CA CIV CODE 1798.140, subsection (y), 185, subsection (a)(7).
The CCPA also provides that a business shall not discriminate against a consumer because the consumer exercised any of the consumer’s rights under the CCPA. See further: CA CIV CODE 1798.125.
Pursuant to CA CIV CODE 1798.130, Melissa discloses that products and services sold to customers may contain personal information of California consumers (as defined in CA CIV CODE 1798.140). Such products and services are typically used for address validation, identity verification, or for marketing and CRM (customer relationship management) purposes. For a list of categories of personal information click here.
Categories: name, address, phone number, email, gender, date of birth, age, race, marital status, home-ownership status, hobby and lifestyle interest preferences, vehicle type preference, consumer credit card holding status.
EU-U.S. Privacy Shield Framework
I. Adherence to Privacy Shield Principles
Melissa is held accountable for its information use by consumer privacy expectations and by laws and industry codes established by government entities and industry organizations around the world. The security of your data is important to Melissa Data. We have a 30+ year history of establishing and refining our controls to secure client data in an ever-changing and increasingly connected world. Among the laws and industry self-regulatory codes which Melissa complies in the United States are:
II. Right to Access, Amend or Delete Personal Information (Your rights under GDPR)
Individual data subjects in the European Union have the right to know what personal data about them is stored in Melissa databases and to ensure that such personal data is accurate and relevant for the purposes for which Melissa collected it. Individual Customers may review their own personal data stored in the databases and correct, erase, or block any data that is incorrect, as permitted by applicable law and Melissa policies. Upon reasonable request and as required by the Privacy Shield principles, Melissa allows individual Customers access to their personal data, in order to correct or amend such data where inaccurate. Individual Customers may edit their Personal Data by logging into their account profile or by contacting Melissa Technical Support by email or phone at: privacyshield@melissa.com or 1-800-635-4772 opt. 4. In making modifications to their personal data, individual data subjects must provide only truthful, complete, and accurate information. To request complete erasure of personal data, individual data subjects are required to submit a written request. Melissa will endeavor to respond in a timely manner to all reasonable written requests to view, correct, amend, or delete all personal data of data subjects.
Melissa will offer EU and Swiss individuals whose personal information has been transferred to us the opportunity to choose whether the personal information it has received is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by contacting us at privacyshield@melissa.com.
III. Inquiries and Dispute Resolution
In compliance with Privacy Shield Principles, Melissa commits to resolve inquiries or complaints about the collection or use of personal data of identifiable data subjects. An individual data subject in the European Union with inquires or complaints regarding personal data or this Privacy policy should contact Melissa at: privacyshield@melissa.com. Melissa is committed to addressing all Privacy Shield inquires or complaints in a timely manner, and to refer unresolved complaints to JAMS Alternate Dispute Resolution, an alternate dispute resolution provider located in the United States. JAMS Alternate Dispute Resolution has been chosen by Melissa as a third party dispute resolution provider. More information can be found at: https://www.jamsadr.com/eu-us-privacy-shield. If an inquiry or complaint has not been acknowledged or resolved by Melissa in a reasonably timely manner, EU data subjects should contact the above third party provider for more information or to file a complaint. Such services are provided at no cost to the data subject. In addition, in certain and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
IV. United States Regulatory Agencies
The EU-U.S. Privacy Shield Framework is set forth by the US Department of Commerce. The United States Federal Trade Commission (FTC) has jurisdiction over Melissa Corporation’s compliance with the Privacy Shield.
V. Third Parties and Onward Transfers
Melissa may provide personal data to third parties that act as agents or subcontractors to perform tasks on behalf of and under specific instructions. Such third parties must agree to use personal data only for the purposes for which they have been engaged by Melissa and must contractually agree, through European Commission model clauses and/or similar agreements, to comply with the Privacy Shield principles or another mechanism permitted by the applicable EU data protection law(s) for transfers and processing of personal data. Melissa also may disclose personal data for other purposes or to other third parties when an individual data subject has consented to or requested such disclosure.
In addition, Melissa may be required to disclose an individual data subject’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. As part of EU-US Privacy Shield Framework and its commitments under European Commission model clauses agreements, Melissa retains its liability and responsibility for appropriate onward transfers of personal data to third parties.
VI.
Melissa Corporation complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Melissa Corporation has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
Opting Out
Targeted advertising provides choices, competitive offers and convenience – qualities sought and valued by many consumers. However, you can choose not to receive targeted advertising from Melissa by opting out.
Opting Out of Email
Melissa markets its own products and services by email. Every email sent from Melissa will include appropriate unsubscribe instructions.
To opt out of or change your newsletter subscriptions, visit our newsletter subscription page here: www.melissa.com/resources/newsletters.html. To opt out of all email marketing messages from Melissa, you must send an email to unsubscribe@melissa.com from the email address you with to unsubscribe. Please clearly state in your email, “Unsubscribe me from all Melissa email marketing.” This is the only way to assure that you no longer receive email advertising messages from Melissa.
Opting Out of Direct Mail
The Direct Marketing Association’s DMAChoice mail preference service allows you to opt out of receiving unsolicited commercial mail from many national companies. When you register with this service, your name will be put on a “delete” file and made available to direct-mail marketers and organizations. This will reduce most of your unsolicited mail. If you would like to opt out of direct mail advertising, please visit www.dmachoice.org
Responsible marketing companies respect your choice to not receive direct mail advertising. DMA members, as a condition of membership, are required to suppress the names and addresses of individuals who have notified the DMA that they do not want to receive advertising by mail. As a DMA member, Melissa subscribes to and suppresses any name and address on the DMAChoice mail preference service file from its direct mail marketing efforts.
You may also contact Melissa directly to be suppresses from our direct mail marketing efforts. Opting-out of direct mail marketing from Melissa will only stop mailings from Melissa.
You can contact Melissa by calling us at 1 800 635 4772 or by sending your complete name (including any name variations), mailing address, complete telephone number (including area code) and email address to optout@melissa.com or to the below postal address.
Melissa Corporation
Attn: Opt-out Services
22382 Avenida Empresa
Rancho Santa Margarita, CA 92688-2112
Please specify if you wish to be removed from our direct mailing list, email mailing list or both. If you move or change your name, you will need to opt-out again with your new address or name.
Privacy Statement
Consent
By using this site, you agree to the terms of this Privacy Statement. Whenever you submit information via this site, you consent to the collection, use and disclosure of that information in accordance with this Privacy Statement.
Coverage
This policy covers how the Melissa Corporation (“Melissa”) treats personal information that Melissa collects and receives, including information related to customer past use of Melissa products and services. Personal information is information about customers, potential customers, Melissa website users, and others who may provide information that is personally identifiable, such as, name, address, email address, or phone number, and that is not otherwise publicly available. This policy does not apply to the practices of entities that Melissa does not own or control or to people that Melissa does not employ or manage.
Personally Identifiable Information Collection and General Use
Melissa may gather information related to the use of its products and services, registration of a user account on the Melissa website, or in the course of standard business practices. Personal identifiable information (“PII”) is collected from such parties only after obtaining consent, which is obtained when such parties are prompted for information when requesting product information, downloading a trial version of a product, registering a new user account, registering a product, purchasing a product or service, or contacting customer support. Melissa may collect usage statistics to enable Melissa to improve user experience and allocate internal resources. Purchasing Melissa products or services requires a customer to provide certain personal information and enter into a License Agreement. Nothing herein is intended to modify the terms in such a License Agreement.
Information Sharing and Disclosure
Melissa does not rent, sell, or share personal information that is provided to it under Section 2, except when Melissa has obtained explicit permission, or under the following circumstances:
- Responses to subpoenas; court orders; or legal process; or to establish or exercise Melissa’s legal rights or defend against legal claims.
- Personal information is transferred in the event the product or service is acquired in its entirety by another entity. Melissa shall issue a notification before information is transferred and becomes subject to a different privacy policy.
Information Collected During Data Processing
Information transmitted by users to the Melissa servers as part of data processing functions of its products or services is retained only to the limited extent necessary to complete the associated processing functions of the products or services.
User Account Information Use
Melissa reserves the right to send certain communications relating to its products or services, such as service announcements, administrative messages, feedback requests that are considered part of routine technical support procedures.
Security
Melissa takes appropriate steps to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, whether in transmission or storage. All personnel are trained on the appropriate use of PII and they are retrained yearly with advances in personal security and best practices.
Changes to this Privacy Policy
Melissa may update this privacy policy as necessary and shall post notifications regarding such updates on its corporate website.