Legal Basis Under GDPR to Act as Data Processor

With respect to minFraud and other fraud prevention services that MaxMind provides to its customers (where MaxMind acts as either a Data Processor or Data Controller), MaxMind has a legitimate interest in processing the data. Read how MaxMind may act as a Data Processor or Data Controller in section 2 of the MaxMind Data Processing Addendum.

The GDPR specifically references the “processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned” – in this case, MaxMind’s customer purchasing MaxMind’s services. MaxMind also provides services to its customers that include the processing of personal data (where MaxMind acts as either a Data Processor or Data Controller, for example GeoIP2 web services) based on the consent obtained from its customers and its customer’s end-users.

To the extent MaxMind engages in direct marketing to individual EU data subjects who are representatives of MaxMind’s customers, MaxMind also has a legitimate interest in such processing, and the individuals receiving such direct marketing always have the right to object as set forth in MaxMind’s Privacy Policy. Learn more about Data Subject Requests, or read MaxMind’s Privacy Policy in full on our main website.

This page was last updated on .

Was this article helpful?