Last updated April 4th 2018
This Policy details Meliora Ltd’s commitment to protecting the privacy of users who sign up to use the products (“Service”) Meliora Ltd offers (“Testlab Users”), users who use support services of Meliora Ltd (“Support Users”), and individuals who make the commitment to Meliora Ltd as a customer (“Customer”, “Contact Person”). For the purposes of this policy, the term “Testlab User” shall refer to an individual who uses the Meliora Testlab product as a Service from .melioratestlab.com domain.
In this policy, personal data means any information relating to a natural person directly or indirectly such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, economic, cultural or social identity of that natural person. As a clarification, no sensitive data such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, is handled or stored by Meliora Ltd. The use of personal data collected through services offered shall be limited to the purpose of providing the services for which the users have engaged to.
In the context of using our Services, users may encounter links to other websites or services and the content of such other websites or services are governed by the privacy policies of such other websites or services. We encourage you to review the privacy policies of any such other websites or services to understand their data processing practices.
This policy does not apply to our practices, including how we protect, collect, store and use the electronic data, text, messages or other materials submitted and stored to Services by you (“Service Data”). These practices are detailed in and governed by the Service Agreement, available here, or such other separate applicable agreement between you and Meliora Ltd. As a clarification, a clear distinction is made between the personal data of individuals we collect or process in terms of providing the Service, and the Service Data entered and owned by the Customer. In accordance with GDPR, all possible personal data entered as Service Data by you is your responsibility as a Data Controller. As we provide the Service for you to store your data in to, we will act as a Data Processor on your behalf.
Personal Data we collect (See 3. Data provided to us or collected by us) to provide you the Service, or fulfill our obligations of Service Agreement to you, is our responsibility as a Data Controller.
For all users using Meliora Testlab as a Service, a user account is stored with
Please note, that all user accounts created to the service, or granted access to the service by for example integrating your Testlab with external user repository, by you, is regarded as Service Data. This means that in accordance with GDPR – if it applies to you – these user accounts as Personal Data are in your responsibility as a Data Controller.
For users who register to our support services, a user account is stored with a full name of the user and an e-mail address.
For users who enroll in our Service as a paying Customer, in addition to the user account created to the Service (See “Testlab Users” above), billing information is stored with
If credit card billing is used (in terms of Testlab Self-service), the needed billing information such as credit card number and billing address is collected. Other payment methods might require other billing related information to be collected. If such information is collected, it is handled in accordance with this Policy.
The servers used to provide the Service gather certain information about the traffic and store it in log files. This information includes
The servers used to provide the Service gather certain anonymous information about the traffic and store it in log files. This information includes
Occasionally, we might connect personal information to anonymous information gathered in our log files to improve and maintain the quality of the Service. Also, for the purposes of tracing possible errors or anomalies in the Service, we might occasionally raise the levels of logging to resolve such problems. In these cases, we treat the combined and/or logged information in accordance with this Policy.
We use analytics services to track the use of the Service to help us improve and maintain the quality of the Service. The analytics data gathered is anonymous and contains no personal or sensitive data.
The Personal Data we collect about you as an individual is used
We collect Personal Data from you only where: (a) we have obtained consent from you to do so, (b) we need the information for making and maintaining a contract with you (such as providing the Service for you and handling billing – Contractual necessity), (c) fulfill the business-related legal obligations such as accounting (Compliance with legal obligations).
We share Service related information, including Personal Data, with our third-party service providers. The service providers are used for hosting, maintaining (such as storing and backing up the data), payment processing, analytics, and other operative services. The list of third parties in question is provided below (see 6. Subprocessors). We use processes, such as encryption, to minimize the exposure of Personal Data to third parties. Still, these service providers may have access to the personal data for the purpose of providing these services. We do not permit our service providers to use the personal data for any other purposes than to provide the sub-contracted service for us.
Meliora Ltd uses a number of subprocessors to provide the Service and fulfill the obligations of the Service Agreement. Whenever we share Personal Data originating from EEA with a Subprocessor outside the EEA, we make every effort to ensure the Subprocessor is in compliance with GDPR.
1. For hosting the Service, Meliora Ltd uses services of
2. For providing support services, Meliora Ltd uses services of
3. For handling credit card transactions, Meliora Ltd uses services of Stripe.
With Zendesk, Inc., who subprocesses the personal data of data subjects engaged in support processes, we have signed a separate Data Processing Agreement with the EU Commission’s “Controller-to-Processor Model Clauses” in place (annexed to EU Commission Decision 2010/87/EU).
The Personal Data will be retained for as long as is needed to fulfill the purposes described in this Policy. The Data can also be retained for longer if that is required by the law (for example accounting, tax or other similar business-related legal requirement). When the Personal Data is no longer needed to fulfill the obligations, it is either deleted or permanently anonymized.
The data retention policy of the Customer’s Service Data is described in Service Agreement.
For the Personal Data, which Meliora Ltd collects about you as a Data Controller, in addition to the rights described in this Policy, you have the following rights:
We consider all requests in accordance with applicable laws. Please note, however, that some Personal Data might be required to provide the Service for you and to fulfill the obligations of the Service Agreement to you as a Customer. Also, for record-keeping purposes, some Personal Data might be needed to comply with our legal obligations. If your request related to the rights explained above is in conflict with the obligations of ours, we will communicate these conflicts with you before proceeding with the request. We will process all requests within 30 days of receiving the request.
You also have the right to make a complaint to a Data Protection Authority about our use of your Personal Data. For more information, please contact your local DPA.
Meliora Ltd handles all Personal Data with strict confidence and processes which are in compliance with the applicable laws. In accordance with GDPR,
The impact of every breach of Personal Data is analyzed. If the breach is unlikely to result in a risk for the rights and freedoms of natural persons, we reserve the right to not do the notifications explained above.
We may assign or transfer this Policy, as well as your Personal and Service Data, to any person or entity that acquires all or substantially all of our business, stock or assets, or with whom we merge as a business.
We reserve the right to make cosmetic changes to this Policy without prior notification. These changes do not change the actual content of this Policy and are in line with changes such as updating hyperlinks, stylizing of the text, correcting typographical errors, clearing up the terminology or similar.
In case of any discrepancies between different language versions of this Policy (if any), the English version shall prevail.
For any questions or requests regarding this Policy, please contact us by e-mail at firstname.lastname@example.org. You can also send us a postal letter to the current operative address of Meliora Ltd by addressing the letter to “Legal Department”.