When processing personal data, we comply with Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Republic of Lithuania Law on Legal Protection of Personal Data, the Republic of Lithuania Law on Electronic Communications and other directly applicable legal acts regulating the protection of personal data, as well as the instructions of the competent authorities.
The protection of personal data is of the utmost importance to us, our customers, and other persons whose personal data we process, therefore, we always make every effort to ensure that your personal data is processed with the utmost responsibility and care in order to ensure your privacy and data security.
Personal Data or Data shall mean any information that may be used to identify a person (Data Subject), as well as any information about a person who has already been identified.
Personal Data Processing or Processing shall mean any operation (action) involving personal data or sets of personal data, including, but not limited to, collecting, recording, sorting, organising, storing, adapting, accessing, using, disclosing, transmitting, distributing or otherwise making available, as well as collation or merging with other data, restriction, deletion or other destruction of data.
Data Subject shall mean you or any individual using the MELP mobile application.
Data Processor or Processor shall mean a natural person or legal entity acting on behalf of a data controller and authorized to process the data controller’s personal data only in accordance with the data controller’s instructions or as required by the applicable legislation. In this case, MELP is the Data Processor.
Data Controller or Controller shall mean our Customer, natural person or legal entity (Company), who determines the purposes and means of processing the personal data controlled by it. The Data Controller shall have the right to involve other parties to process personal data on its behalf – processors.
Customer or Company shall mean (i) a legal entity acting as an employer; (ii) a self-employed natural person acting as an employer; (iii) a person who employs natural persons on the basis of a service or other civil contract; (iv) a person who provides benefits to Users on a basis other than an employment contract or civil contract. This person shall be the Data Controller.
MELP or We shall mean MELP BV, KvK code 80201547, registration No. 000046569057, registered office address Prof. J.H.Bavincklaan, 71183AT Amstelveen, the Netherlands or any other MELP company established in the country where the MELP services are provided.
MELP Mobile Application shall mean a MELP mobile application that the User (you) can download to their smart device. The MELP Mobile Application allows the User (you) to see information about the Benefits provided by the Company to you, select them and perform other permitted actions.
Mobile Application User or User or You shall mean a user of the MELP Mobile Application who is an employee of the Company (Customer) or a natural person otherwise related to the Company (Customer) and who uses the MELP Mobile Application to find out about the benefits provided by the Company (Customer) and perform other actions. This person is a Data Subject.
Benefits shall mean the benefits provided to the User (you) by the Company in connection with the User’s promotion, health, insurance and training services, discounts, services provided by third parties or other incentives that the User is entitled to use due to its relationship with the Company;
Why does MELP process your personal data?
MELP is the owner of Software which is provided as a Service (SaaS). This service is designed to help our Customers manage and administer the benefits provided to you, communicate with you, send you various messages, etc.
An integral part of the services provided to MELP Customers is the opportunity for you, as a User of the MELP Mobile Application, to see the Benefits Provided by the Company to you, receive notifications and use other functions of the MELP Mobile Application.
In providing these services, we must process your personal data provided to us by the Company.
Thus, we would like to draw your attention to the fact that it is the Company that is the Data Controller of your personal data, and MELP acts only as the Data Processor, i.e. we only process your data provided to us by the Data Controller – the Company that created the user account for you. MELP shall in no way act as your Personal Data Controller.
Your Data Controller and Processor
Your Data Processor shall be MELP UAB, legal entity code 305615566, registered office address Klevų st. 10, LT-06248 Vilnius, the Republic of Lithuania.
Contact details of the person responsible for data protection (Data Protection Officer):
- e-mail address: firstname.lastname@example.org.
- postal address for correspondence: Klevų st. 10, LT-06248 Vilnius, the Republic of Lithuania. Address the letter as follows: MELP UAB, for the Data Protection Officer.
Your Data Controller is a Company that communicates to you about benefits, sends news and/or performs other actions with the help of the MELP Mobile Application.
How MELP processes your Personal Data
The scope of Personal Data and processing operations (actions) performed by MELP always depends on the service package chosen by the Company. The most common data processing operations include, but are not limited to:
- Creation of Users’ personal accounts when the Company enters the Users’ Personal Data, assigns benefits to them or performs other actions, the scope of which depends on the service package selected by the Company;
- Receipt of Personal Data related to MELP Users from Companies (in certain cases, Personal Data may also be obtained from Users themselves);
- Administration of User accounts;
- Development of new functionalities, services and products for our Customers.
We hereby note that MELP shall process your Personal Data only in order to provide services to the Customers (Companies) and only in accordance with the instructions of the Customers (Companies) or as required by applicable law. Separate service and data processing agreements shall be concluded with each Customer (Company). In these agreements, we stipulate that MELP acts as the Data Processor, subordinate to the Data Controller (Company), and must comply with the Customer’s (Company’s) instructions related to data processing in order to provide services to the Customer. The data processing agreement also sets out the obligations of the MELP with regard to data security obligations.
Data Retention and Transmission. In which countries is your Personal Data processed?
MELP may use various service providers who can process your Personal Data (sub-processors). The services provided by these persons are necessary for us to provide the Customer (Company) with a comprehensive service with the best and most convenient functions for you as a MELP User, as well as to improve the quality of services, expand the use of MELP Mobile Application and its functions. Sub-processors who can process your Personal Data provide a wide range of products and services, such as provision of databases, software, communication, data centre, hosting and cloud services, messaging, etc.
In each case, we shall provide the data sub-processor with only as much data as is necessary to provide its products or services.
When we process your Personal Data, we shall store and process it in the European Economic Area (EEA). We hereby note that no Personal Data shall be transferred to third parties outside the EEA.
In cases where we have to use a sub-processor that processes Personal Data outside the EEA, MELP shall enter into appropriate data processing agreements (so-called standard agreement terms and conditions) with the sub-processor and shall ensure that additional security measures are in place which at the same time guarantee an adequate level of Data Protection.
MELP shall use Amazon Web Service (AWS) data centres located in the Republic of Ireland.
Rights of Data Subjects
Under the General Data Protection Regulation, you, as the Data Subject, shall have the following rights:
- to get acquainted with your Personal Data being processed;
- to demand the correction or supplementation of incomplete Personal Data of you;
- to revoke the consent for the processing of Personal Data;
- to object to the processing of Personal Data in cases where the processing of Personal Data is based on unlawful interests;
- to demand restrictions on the processing of your Personal Data;
- to demand the deletion/destruction of your Personal Data (the right to be forgotten);
- the right to data transfer;
- to file a complaint about the processing of Personal Data.
For the exercise of your rights, please contact our Customer (Company), i.e. your employer or any other natural person or legal entity related to you who, as a processor of your personal data, uses the MELP service.
MELP undertakes to cooperate with the Customer (Company) and provide it with all the assistance and information necessary for the exercise of your rights.
Validity and Amendments of the Policy
This Policy entered into force on 15 July 2021. If we change this Policy, we shall publish an updated and valid version on the website www.melp.com and in the MELP Mobile Application, and, if necessary, notify you of the changes in other ways.