This Privacy Policy sets out how MELP BV (hereinafter referred to as MELP or the Company) processes your personal data as data subjects: it contains information on what personal data is processed, how it is received and further processed, to whom it is granted, what rights you have and where to apply for the exercise of these rights or other issues related to the processing of personal data.
By continuing to use the MELP mobile application, you hereby acknowledge that you are aware of the terms and conditions for the processing of personal data set out in this Privacy Policy.
When processing personal data, we comply with Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Republic of Lithuania Law on Legal Protection of Personal Data, the Republic of Lithuania Law on Electronic Communications and other directly applicable legal acts regulating the protection of personal data, as well as the instructions of the competent authorities.
The protection of personal data is of the utmost importance to us, our customers, and other persons whose personal data we process, therefore, we always make every effort to ensure that your personal data is processed with the utmost responsibility and care in order to ensure your privacy and data security.
We use several legal terms in this Privacy Policy, therefore, we believe it is important for you to know them in order to understand this Policy. The descriptions of these terms are provided below.
Personal Data or Data shall mean any information that may be used to identify a person (Data Subject), as well as any information about a person who has already been identified.
Personal Data Processing or Processing shall mean any operation (action) involving personal data or sets of personal data, including, but not limited to, collecting, recording, sorting, organising, storing, adapting, accessing, using, disclosing, transmitting, distributing or otherwise making available, as well as collation or merging with other data, restriction, deletion or other destruction of data.
Data Subject shall mean you or any individual using the MELP mobile application.
Data Processor or Processor shall mean a natural person or legal entity acting on behalf of a data controller and authorized to process the data controller’s personal data only in accordance with the data controller’s instructions or as required by the applicable legislation. In this case, MELP is the Data Processor.
Data Controller or Controller shall mean our Customer, natural person or legal entity (Company), who determines the purposes and means of processing the personal data controlled by it. The Data Controller shall have the right to involve other parties to process personal data on its behalf – processors.
Customer or Company shall mean (i) a legal entity acting as an employer; (ii) a self-employed natural person acting as an employer; (iii) a person who employs natural persons on the basis of a service or other civil contract; (iv) a person who provides benefits to Users on a basis other than an employment contract or civil contract. This person shall be the Data Controller.
MELP or We shall mean MELP BV, KvK code 80201547, registration No. 000046569057, registered office address Prof. J.H.Bavincklaan, 71183AT Amstelveen, the Netherlands or any other MELP company established in the country where the MELP services are provided.
MELP Mobile Application shall mean a MELP mobile application that the User (you) can download to their smart device. The MELP Mobile Application allows the User (you) to see information about the Benefits provided by the Company to you, select them and perform other permitted actions.
Mobile Application User or User or You shall mean a user of the MELP Mobile Application who is an employee of the Company (Customer) or a natural person otherwise related to the Company (Customer) and who uses the MELP Mobile Application to find out about the benefits provided by the Company (Customer) and perform other actions. This person is a Data Subject.
Benefits shall mean the benefits provided to the User (you) by the Company in connection with the User’s promotion, health, insurance and training services, discounts, services provided by third parties or other incentives that the User is entitled to use due to its relationship with the Company;
MELP is the owner of Software which is provided as a Service (SaaS). This service is designed to help our Customers manage and administer the benefits provided to you, communicate with you, send you various messages, etc.
An integral part of the services provided to MELP Customers is the opportunity for you, as a User of the MELP Mobile Application, to see the Benefits Provided by the Company to you, receive notifications and use other functions of the MELP Mobile Application.
In providing these services, we must process your personal data provided to us by the Company.
Thus, we would like to draw your attention to the fact that it is the Company that is the Data Controller of your personal data, and MELP acts only as the Data Processor, i.e. we only process your data provided to us by the Data Controller – the Company that created the user account for you. MELP shall in no way act as your Personal Data Controller.
When you, as a Mobile Application User, first join MELP, we will inform you of the roles of the Company as Data Controller and MELP as Data Processor by providing you with this Privacy Policy.
Your Data Processor shall be MELP UAB, legal entity code 305615566, registered office address Klevų st. 10, LT-06248 Vilnius, the Republic of Lithuania.
Contact details of the person responsible for data protection (Data Protection Officer):
Your Data Controller is a Company that communicates to you about benefits, sends news and/or performs other actions with the help of the MELP Mobile Application.
The scope of Personal Data and processing operations (actions) performed by MELP always depends on the service package chosen by the Company. The most common data processing operations include, but are not limited to:
We hereby note that MELP shall process your Personal Data only in order to provide services to the Customers (Companies) and only in accordance with the instructions of the Customers (Companies) or as required by applicable law. Separate service and data processing agreements shall be concluded with each Customer (Company). In these agreements, we stipulate that MELP acts as the Data Processor, subordinate to the Data Controller (Company), and must comply with the Customer’s (Company’s) instructions related to data processing in order to provide services to the Customer. The data processing agreement also sets out the obligations of the MELP with regard to data security obligations.
MELP may use various service providers who can process your Personal Data (sub-processors). The services provided by these persons are necessary for us to provide the Customer (Company) with a comprehensive service with the best and most convenient functions for you as a MELP User, as well as to improve the quality of services, expand the use of MELP Mobile Application and its functions. Sub-processors who can process your Personal Data provide a wide range of products and services, such as provision of databases, software, communication, data centre, hosting and cloud services, messaging, etc.
In each case, we shall provide the data sub-processor with only as much data as is necessary to provide its products or services.
When we process your Personal Data, we shall store and process it in the European Economic Area (EEA). We hereby note that no Personal Data shall be transferred to third parties outside the EEA.
In cases where we have to use a sub-processor that processes Personal Data outside the EEA, MELP shall enter into appropriate data processing agreements (so-called standard agreement terms and conditions) with the sub-processor and shall ensure that additional security measures are in place which at the same time guarantee an adequate level of Data Protection.
MELP shall use Amazon Web Service (AWS) data centres located in the Republic of Ireland.
Under the General Data Protection Regulation, you, as the Data Subject, shall have the following rights:
For the exercise of your rights, please contact our Customer (Company), i.e. your employer or any other natural person or legal entity related to you who, as a processor of your personal data, uses the MELP service.
MELP undertakes to cooperate with the Customer (Company) and provide it with all the assistance and information necessary for the exercise of your rights.
This Policy entered into force on 15 July 2021. If we change this Policy, we shall publish an updated and valid version on the website www.melp.com and in the MELP Mobile Application, and, if necessary, notify you of the changes in other ways.