Messente logo

Data Handling Policy

Physical security

Messente servers are hosted by secure data centres in Europe, Germany, whose protection practise conforms to the Federal Data Protection Act (BDSG) as well as the German Teleservices Act (TMG). The Data Center and its information security management system (ISMS) have attained certification in accordance with DIN ISO/IEC 27001. 

System security 

Messente uses firewalls and logical access control to protect our servers from unauthorized system access, allowing only trusted operations personnel to manage our systems who are required to use necessary security measures when accessing and handling the data. 

We also make sure to use strong configuration standards to harden our servers, and we keep them up-to-date with the latest security patches. As such data access is limited to explicitly authorized personnel only as mentioned above. 

Application security 

We support strong cryptography (SHA-256 with RSA encryption) for communication over public networks, so that your Messente Dashboard password, API username/password, and contents of your communications may be protected in transit as set forth below. 

Unencrypted protocols are supported on the customer side in response to customer demand, but we strongly encourage customers to use secure protocols. 

Messente has direct relationships with telecommunications carriers and services providers. Some of the "last mile" connections of our partners might be unencrypted. We choose for secured communication with carriers when available. Messente also has rate limiting in place on API calls to prevent brute force attacks. Password complexity requirements are enforced on API username, password and Messente Dashboard password. We strive to only work with partners that are GDPR compliant and have agreements in place to ensure that they adhere to the set regulations for data protection. 

Messente Dashboard passwords are cryptographically hashed before storing in our database. Strong password requirements are enforced. 

Messente Dashboard supports 2-factor authentication (2FA using Messente Verification API) when elected for customers who want to add an additional access control. In this case, Messente Dashboard logins require an additional verification code, which is sent by SMS or Verigator App to the phone registered on your account, to be entered when logging in from a new country or browsers from the ones used on the previous successful logins. 

Use and Storage of Customer Data 

All following customer data processed and stored while Messente is acting as a Controller while using www.Messente.com and www.dashboard.messente.com, is handled as confidential and sensitive information and is only accessed by a minimum number of people from Messente’s team, as well as the rights retained by the client to limit content availability via hiding or hashing content: 

Purpose

Personal data type and source

Legal ground

Retention time or criteria

To enable Messente to provide you the service that you have requested, for example send you an answer to a question that you have filled into a form or send you a white paper

Contact data; such as phone number, email address, address,  name, company, position, contact preference and any other information that you may provide to Messente.

Source: Directly from you and/or via third party and/or created by Messente

Consent and /or Legitimate interest and/or required by law

As long as required in accordance with applicable law or 1 years after contact without business relationship or 2 years after end of the business relationship or when requested to be deleted and request can be honoured.

To enable Messente to administer any consent/opt-out/opt-in that you may have given to us and/or send you emails such as newsletters, invites for seminars/webinars

Contact data; such as phone number, email address, address,  name, company, position, contact preference and any other information that you may provide to Messente

Source: Directly from you and/or via third party and/or created by Messente

Consent and/or required by law

As long as required by law, required by business process (you are informed at the time when you give us the information) or until you request that we remove you from the opt-out/opt-in list or you have revoked your consent

To enable Messente to fulfil its obligations in accordance with the contract between Messente and its customers, this may include sending you service announcements on elements included within the contract, customer service enquiries

Contact data; such as phone number, email address, address,  name, company, position, contact preference and any other information that you may provide to Messente

Source: Directly from you and/or via third party and/or created by Messente

Consent and /or Legitimate interest and/or required by law and/or to administer contracts that you have with Messente.

As long as required in accordance with applicable law or 1 years after contact without business relationship or 2 years after end of the business relationship or when requested to be deleted and request can be honoured.

To enable Messente to administer, foster and develop your relationship (with the use of a customer relationship management system), perform credit checks and, verification of personal or business data and payment details and other checks before offering our services to customers.

Contact data and financial data; such as phone number, email address, address,  name, company, position, (in very limited cases) personal financial information, contact preference and any other information that you may provide to Messente

Source: Directly from you and/or via third party and/or created by Messente

Consent and /or Legitimate interest and/or required by law and/or to administer contracts that you have with Messente.

As long as required in accordance with applicable law or 1 years after contact without business relationship or 2 years after end of the business relationship or when requested to be deleted and request can be honoured.

To enable Messente to operate, administer access and use of the forums, websites, portals it provides to customers, resellers, developers and other user groups. This may include sending you services announcement (for instance, if the service is temporarily suspended for maintenance).

Contact data; such as phone number, email address, name, company, position, contact preference and any other information that you may provide to Messente

Technical data: such as, but not limited to, http headers, computer settings when stored, log information on use of portal, messaging logs

Source: Directly from you and/or via third party and/or created by Messente

Consent and /or Legitimate interest and/or required by law and/or to administer contracts that you have with Messente.

As long as required in accordance with applicable law or 1 years after contact or 2 years after end of the business relationship or when requested to be deleted and request can be honoured.

To enable Messente to protect its forums, websites, portals and the customer data within these portals against threats and fraud and find vulnerabilities.

Contact data; such as phone number, email address, address, name, company, position, contact preference and any other information that you may provide to Messente

Technical data: such as but not limited to, http headers, computer settings when stored, log information on use of portal, messaging logs

Source: Directly from you and/or via third party and/or created by Messente

Legitimate interest and/or required by law

As long as required in accordance with applicable law or 1 years after contact or 2 years after end of the business relationship or when requested to be deleted and request can be honoured.

To enable Messente to (prepare to) administer and fulfil our obligations under mandatory law including providing correct information to relevant authorities)

Contact data; such as phone number, email address, address,  name, company, position, contact preference and any other information that you may provide to Messente or is created during our communication with you.

Technical data: such as but not limited to, http headers, computer settings when stored, log information on use of portal/forum

Source: Directly from you and/or via third party and/or created by Messente

Legitimate interest and/or required by law

As long as required in accordance with applicable law

To defend the legal position of Messente.

Contact data; such as phone number, email address, address, name, company, position, contact preference and any other information that you may provide to Messente or is created during our communication with you.

Technical data: such as but not limited to, http headers, computer settings when stored, log information on use of portal/forum

Source: Directly from you and/or via third party and/or created by Messente

Legitimate interest and/or required by law and/or operator agreements

As long as required in accordance with applicable law or after the obligatory retention time ends.

 

All customer data processed and stored while Messente is acting as a Processor is handled by direct instructions from the Customer and outlined in a Data Protection Agreement. The instances of processing data can be:

  • collection
  • recording
  • organisation
  • structuring
  • storage
  • retrieval
  • consultation
  • use
  • disclosure by transmission