What are the legal bases under the GDPR for MaxMind’s processing of personal data?

With respect to minFraud and other fraud prevention services that MaxMind provides to its customers (where MaxMind acts as either a Data Processor or Data Controller), MaxMind has a legitimate interest in processing the data. The GDPR specifically references the “processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned” – in this case, MaxMind’s customer purchasing MaxMind’s services. MaxMind also provides services to its customers that include the processing of personal data (where MaxMind acts as either a Data Processor or Data Controller) based on the consent obtained from its customers and its customer’s end users. To the extent MaxMind engages in direct marketing to individual EU data subjects who are representatives of MaxMind’s customers, MaxMind also has a legitimate interest in such processing, and the individuals receiving such direct marketing always have the right to object as set forth in MaxMind’ privacy policy.