EU-U.S. Data Privacy Framework
Updated November 2023
-
Adherence to Data Privacy Framework Principles
-
Right to Access, Amend or Delete Personal Information (Your rights under GDPR)
-
Inquiries and Dispute Resolution
-
United States Regulatory Agencies
-
Third Parties and Onward Transfers
Melissa complies with the EU-U.S. Data Privacy Framework Principles (“DPF Principles”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (EU) to the United States. Melissa has certified to the Department of Commerce that it adheres to the DPF Principles. If there is any conflict between the terms of our Privacy Policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework and to view our certification, please visit https://www.dataprivacyframework.gov/.
Under the EU’s General Data Protection Regulation (GDPR), individual data subjects in the European Union have the right to know what personal data about them is stored in Melissa databases and to ensure that such personal data is accurate and relevant for the purposes for which Melissa collected it. Individual Customers may review their own personal data stored in the databases and correct, erase, or block any data that is incorrect, as permitted by applicable law and Melissa policies. Upon reasonable request and as required by the DPF Principles, Melissa allows individual Customers access to their personal data, in order to correct or amend such data where inaccurate. Individual Customers may edit their Personal Data by logging into their account profile or by contacting Melissa Technical Support by email or phone at: ConsumerRequest@melissa.com or +1-800-635-4772(MELISSA) option 4. In making modifications to their personal data, individual data subjects must provide only truthful, complete, and accurate information. To request complete erasure of personal data, individual data subjects are required to submit a written request. Melissa will endeavor to respond in a timely manner to all reasonable written requests to view, correct, amend, or delete all personal data of data subjects.
Melissa will offer EU individuals whose personal information has been transferred to us the opportunity to choose whether the personal information it has received is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by contacting us at ConsumerRequest@melissa.com
In compliance with DPF Principles, Melissa commits to resolve inquiries or complaints about the collection or use of personal data of identifiable data subjects. An individual data subject in the European Union with inquires or complaints regarding personal data or this Privacy policy should contact Melissa at: ConsumerRequest@melissa.com. Melissa is committed to addressing all Data Privacy Framework inquires or complaints in a timely manner, and to refer unresolved complaints to JAMS Alternate Dispute Resolution, an alternate dispute resolution provider located in the United States. JAMS Alternate Dispute Resolution has been chosen by Melissa as a third-party dispute resolution provider. More information can be found at: https://www.jamsadr.com/dpf-dispute-resolution. If an inquiry or complaint has not been acknowledged or resolved by Melissa in a reasonably timely manner, EU data subjects should contact the above third-party provider for more information or to file a complaint. Such services are provided at no cost to the data subject. In addition, in certain and in limited situations, EU individuals may seek redress from the Data Privacy Framework Panel, a binding arbitration mechanism.
The EU-U.S Data Privacy Framework is set forth by the US Department of Commerce. The United States Federal Trade Commission (FTC) has jurisdiction over Melissa’s compliance with the DPF Principles.
Melissa may provide personal data to third parties that act as agents or subcontractors to perform tasks on behalf of and under specific instructions. Such third parties must agree to use personal data only for the purposes for which they have been engaged by Melissa and must contractually agree, through European Commission model clauses and/or similar agreements, to comply with the DPF Principles or another mechanism permitted by the applicable EU data protection law(s) for transfers and processing of personal data. Melissa also may disclose personal data for other purposes or to other third parties when an individual data subject has consented to or requested such disclosure.
In addition, Melissa may be required to disclose an individual data subject’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. As part of EU-US Data Privacy Framework and its commitments under European Commission model clauses agreements, Melissa retains its liability and responsibility for appropriate onward transfers of personal data to third parties.