Global Email:Privacy and Global Email: Difference between revisions

From Melissa Data Wiki
Line 5: Line 5:
{{CustomTOC}}
{{CustomTOC}}


==What is GDPR?==
==Certifications and Compliance==
As a company, Melissa is fully GDPR compliant and holds various certifications. We are proud to take privacy and security very seriously, and aim to be transparent when detailing how we handle your data.
 
All Global Email requests are secured with HTTPS and the latest TLS.
 
Please refer to our [https://www.melissa.com/company/compliance compliance page] for more details.
 
 
==What We Store and Why==
We store some minimal information from each Global Email request for logging, diagnostic, debugging, and optimization purposes.
 
Melissa does NOT give or sell this information to any other entity. It is all strictly for internal use.
 
Also, we do NOT use received emails for any marketing or advertising purpose. Again, they are only used internally for Global Email.
 
Aside from standard diagnostic and debugging information, Global Email does use a cache of emails. This cache stores the result of the last check on that email so that users who verify an email within a short time of another user verifying the same email can get the same results faster.
 
For European users, emails are additionally encrypted using a one-way hash, which means that emails are impossible to decipher and are not human-readable.
 
See the following sections for more details.
 
 
===Outside of Europe===
For users not affected by any extra privacy regulations, Global Email securely logs emails and other internal diagnostic information. As mentioned above, all Global Email requests are sent with current HTTPS and TLS encryption.
 
This cache is just emails with several numerical values attached to them. This is used for internal logging purposes, and more importantly to improve speed without sacrificing accuracy. There is nothing to tie any email to any individual, whether that be the owner of the email or the user who verified the email.
 
 
===Europe and GDPR===
As of the 25th of May 2018, the European Union implemented the General Data Protection Regulations (GDPR).
As of the 25th of May 2018, the European Union implemented the General Data Protection Regulations (GDPR).
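
Review bot: In the added "What We Store and Why" text, "emails are additionally encrypted using a one-way hash" mixes two different operations, and the same sentence then concludes that the emails are "impossible to decipher". Suggest saying the addresses are hashed and naming the hash algorithm and whether a salt or key is used, because a bare one-way hash of an email address can still be matched by hashing a candidate address the same way. The added "secured with HTTPS and the latest TLS" would also be easier to verify if it stated the minimum TLS version the service accepts.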


Line 14: Line 42:
Additionally, GDPR dictates that data systems must implement data privacy and protection by default.
Additionally, GDPR dictates that data systems must implement data privacy and protection by default.


[https://gdpr.eu/article-6-how-to-process-personal-data-legally/ Article 6 of GDPR] outlines the 6 scenarios when an organization can legally use personal data at length. Overall, it comes down to either needing to, or doing so with the explicit consent of the individual source of the data.
For more information, see [https://gdpr.eu/what-is-gdpr/ this summary of GDPR] from the European Union itself, or the [https://gdpr.eu/tag/gdpr/ full text of the regulations].


On the consumer side, GDPR outlines many rights afforded to individuals regarding their data - rights to be informed, access, erasure, etc. [https://gdpr.eu/tag/chapter-3/ Chapter 3] of the GDPR outlines these rights in full.
Emails specifically are less sensitive compared to other personal data, such as full names or addresses. GDPR does allow companies to store emails - no encryption or other obfuscation required - as long as it is hard to connect any email to any other piece of personal information, whether internally or in the event of a breach.


For more information, see [https://gdpr.eu/what-is-gdpr/ this summary of GDPR] from the European Union itself, or [https://gdpr.eu/tag/gdpr/ the full text of the regulations].
Other information related to emails, namely information about domains, is not considered personal data. You may find that some requests do include contact information about the domain owner, but this information is gathered from external sources, all of which are GDPR compliant in their own right.


Interestingly, since GDPR allows companies to store unencrypted emails as long as they cannot be connected to other personal information, our method of caching outside of Europe was already GDPR compliant.


==Is Global Email compliant with GDPR?==
But, for Global Email specifically, we have gone beyond simple compliance.
Melissa Data as a company is fully GDPR compliant.


Emails are overall less sensitive compared to other personal data, such as full names and addresses. GDPR does allow companies to store actual emails - no hashing or other obfuscation required - such that it is hard to connect any email to any other piece of personal information, whether internally or in the event of a breach.
We store information about the connection status of the MX server in the form of encrypted hashes. This means that users get the best of both worlds: the performance of our non-European email verification, and the assurance that we are more than fully GDPR compliant. As mentioned previously, all encryption is one-way.


Other information related to emails, namely information about domains, is not considered personal data. You may find that some requests do include contact information about the domain owner, but this information is gathered from external sources, all of which are GDPR compliant in their own right.
Please do not hesitate to reach out to us with any questions regarding our GDPR compliance.


For Global Email specifically, we have gone beyond simple compliance.


While GDPR does allow companies to store unencrypted emails as long as they cannot be connected to other personally identifiable information, we have gone a step further.
===Data Across Borders===
 
It is important to note that GDPR does allow companies to leverage data gathered and stored outside of the GDPR sphere of influence. Therefore, we use our US-hosted cache of nearly 800 million emails to bolster email verification in Europe in only a ''read'' capacity.
We store information about the connection status of the MX server in the form of encrypted hashes. This means that users get the best of both worlds: the performance of our non-European email verification, and the assurance that we are more than fully GDPR compliant. Additionally, all our encryption is one-way.
 
It is important to note that GDPR does allow for US-based companies to leverage data gathered and stored outside of the GDPR sphere of influence. Therefore, we use our US-hosted cache of nearly 800 million emails to bolster email verification in Europe.
 
Please do not hesitate to reach out to us with any questions regarding our GDPR compliance.




[[Category:Global Email V4]]
[[Category:Global Email V4]]
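
Review bot: The rewritten "Europe and GDPR" text says "We store information about the connection status of the MX server in the form of encrypted hashes", while the paragraph added under "What We Store and Why" says it is the emails that are hashed for European users; the two statements should agree on what is hashed and what is stored next to it. "Encrypted hashes" followed by "all encryption is one-way" carries the same hash versus encryption ambiguity, so one term should be used throughout. The revision also removes the Article 6 and Chapter 3 links while adding the claim that caching outside of Europe "was already GDPR compliant"; a citation for the legal basis beside that claim would let readers check it.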

Revision as of 00:20, 7 November 2020



Certifications and Compliance

As a company, Melissa is fully GDPR compliant and holds various certifications. We are proud to take privacy and security very seriously, and aim to be transparent when detailing how we handle your data.

All Global Email requests are secured with HTTPS and the latest TLS.

Please refer to our compliance page for more details.


What We Store and Why

We store some minimal information from each Global Email request for logging, diagnostic, debugging, and optimization purposes.

Melissa does NOT give or sell this information to any other entity. It is all strictly for internal use.

Also, we do NOT use received emails for any marketing or advertising purpose. Again, they are only used internally for Global Email.

Aside from standard diagnostic and debugging information, Global Email does use a cache of emails. This cache stores the result of the last check on that email so that users who verify an email within a short time of another user verifying the same email can get the same results faster.

For European users, emails are additionally encrypted using a one-way hash, which means that emails are impossible to decipher and are not human-readable.

See the following sections for more details.


Outside of Europe

For users not affected by any extra privacy regulations, Global Email securely logs emails and other internal diagnostic information. As mentioned above, all Global Email requests are sent with current HTTPS and TLS encryption.

This cache is just emails with several numerical values attached to them. This is used for internal logging purposes, and more importantly to improve speed without sacrificing accuracy. There is nothing to tie any email to any individual, whether that be the owner of the email or the user who verified the email.


Europe and GDPR

As of the 25th of May 2018, the European Union implemented the General Data Protection Regulation (GDPR).

These regulations apply to anyone who processes data gathered or stored in the European Union, regardless of where the data processor is located.

Overall, GDPR obligates all data collectors and processors working in Europe or with European data to transparently collect, store, and process that data, and to do so with only the minimum amount of data needed for the task at hand.

Additionally, GDPR dictates that data systems must implement data privacy and protection by default.

For more information, see this summary of GDPR from the European Union itself, or the full text of the regulations.

Emails specifically are less sensitive compared to other personal data, such as full names or addresses. GDPR does allow companies to store emails - no encryption or other obfuscation required - as long as it is hard to connect any email to any other piece of personal information, whether internally or in the event of a breach.

Other information related to emails, namely information about domains, is not considered personal data. You may find that some requests do include contact information about the domain owner, but this information is gathered from external sources, all of which are GDPR compliant in their own right.

Interestingly, since GDPR allows companies to store unencrypted emails as long as they cannot be connected to other personal information, our method of caching outside of Europe was already GDPR compliant.

But, for Global Email specifically, we have gone beyond simple compliance.

We store information about the connection status of the MX server in the form of encrypted hashes. This means that users get the best of both worlds: the performance of our non-European email verification, and the assurance that we are more than fully GDPR compliant. As mentioned previously, all encryption is one-way.

Please do not hesitate to reach out to us with any questions regarding our GDPR compliance.


Data Across Borders

It is important to note that GDPR does allow companies to leverage data gathered and stored outside of the GDPR sphere of influence. Therefore, we use our US-hosted cache of nearly 800 million emails to bolster email verification in Europe in only a read capacity.