Melasoft GmbH - Privacy Policy for Peppol Access Point Service
​
I. Name and Address of the Data Controller
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is:
Melasoft GmbH
Gerbenmühlstraße 32
60594 Frankfurt am Main
Germany
Email: info@melasoft.com
Tel: +49 69 870 09 5340
​
II. General Information on Data Processing
​
1. Scope of Processing of Personal Data
We collect and use personal data of our users only to the extent necessary for providing a functional website and our content and services. The collection and use of personal data are regularly based on contractual obligations or user consent. An exception applies in cases where obtaining prior consent is not possible, and the processing of data is permitted by law.
​
2. Legal Basis for Processing Personal Data
If we obtain the consent of the data subject for processing operations, Art. 6(1)(a) GDPR serves as the legal basis. When processing personal data necessary for the performance of a contract, Art. 6(1)(b) GDPR serves as the legal basis. In cases where data processing is necessary to fulfill a legal obligation, Art. 6(1)(c) GDPR applies. For data processing necessary to protect the legitimate interests of our company, Art. 6(1)(f) GDPR applies, provided these interests are not overridden by the rights of the data subject.
​
3. Data Deletion and Storage Duration
Personal data is deleted of blocked as soon as the purpose for storing it ceases to apply. Data may also be stored if required by European or national legislation. Once the prescribed retention period expires, the data will be deleted unless it is necessary to retain it for the fulfillment of contractual obligations.
​
III. Provision of the Website and Creation of log Files
​
1. Description and Scope of Data Processing
When accessing our website, the system automatically collects data from the accessing device, including:
-
Browser type and version
-
Internet Service Provider
-
IP address
-
Date and time of access
-
Referring and subsequent websites
This data is stored in log files without being linked to other personal data.
​
2. Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.
​
3. Purpose of Data Processing
Data collection ensures the proper functioning of our website, the optimization of the content, and the security of our systems. No data analysis for marketing purposes occurs.
​
4. Duration of Storage
The data is deleted when no longer necessary, generally at the end of the user session or after 30 days.
IV. Use of Cookies
​
1. Description and Scope of Data Processing
Our website uses cookies to enhance the user experience. Cookies store the following data:
-
Login information (session cookie)
-
Affiliate and referrer information
-
Preferred language for website use
2. Legal Basis for Data Processing
Cookies are used to simplify the user experience by remembering preferences across page views.
3. Purpose of Data Processing
Cookies are used to simplify the user experience by remembering preferences across page views.
4. Storage Duration and Objection
Cookies are stored on the user's device, and users can delete or disable cookies through their browser settings. However, this may limit some functionality.
​
V. Newsletter
​
1. Description and Scope of Data Processing
Users can subscribe to a free newsletter on our website. During registration, the following data is collected:
-
Name
-
Email address
2. Legal Basis for Data Processing
The legal basis for processing data after newsletter registration is the user’s consent according to Art. 6(1)(a) GDPR.
3. Purpose of Data Processing
The email address is collected to deliver the newsletter.
​
4. Storage Duration
Data is deleted once it is no longer necessary, or the user unsubscribes.
​
5. Objection
Users may unsubscribe from the newsletter at any time via the unsubscribe link in the newsletter.
​
VI. Registration for Services
​
1. Description and Scope of Data Processing
Users can register for paid services on our website. The following data is collected:
-
Name
-
Company name
-
Email address
-
Password
For billing purposes, payment data such as bank information may be collected. The collected data is used to provide the respective service.
2. Legal Basis for Data Processing
The legal basis is Art. 6(1)(b) GDPR, which governs data processing for the performance of a contract.
​
3. Purpose of Data Processing
User registration is necessary for providing the service, including access to user accounts.
​
4. Storage Duration
Data is deleted when no longer needed for fulfilling contractual obligations.
​
VII. Google Analytics
​
We use Google Analytics to analyze website traffic. The tool may collect data such as IP addresses, browser types, and time spent on pages.
​
VIII. Use of OpenAI API Services
​
1.Scope of Data Processing
In some of our intelligent features such as automated document analysis, financial classification, and invoice parsing (including Peppol Access Point services), we use OpenAI API services (provided by OpenAI, L.L.C., San Francisco, USA) for natural language processing and AI-enhanced functionalities.
As part of this processing, textual data (e.g., invoice line items, customer names, payment descriptions) may be transmitted securely to OpenAI servers for real-time analysis and structured response generation.
​
-
Legal Basis
The legal basis for this processing is Art. 6(1)(b) GDPR (performance of a contract), and Art. 6(1)(f) GDPR (legitimate interest in enhancing our services through AI technology). We ensure this does not override the data subject’s rights. -
Data Minimization and Retention
We make reasonable efforts to avoid transmitting any personally identifiable data when calling external AI services.
According to OpenAI’s official API policy:
-
Data sent via API is not used for training and is retained for up to 30 days solely for abuse monitoring, unless a separate enterprise agreement (such as Zero Data Retention) is in place.
-
Melasoft GmbH is in the process of engaging with OpenAI to enable Zero Data Retention, which ensures that no input or output is logged or stored.
​
-
Data Transfers Outside the EU
Data processed by OpenAI may be transmitted to and processed in the United States. OpenAI provides Standard Contractual Clauses (SCCs) to ensure appropriate safeguards under Art. 46 GDPR.
​
-
User Impact
These services are only used to process transactional data necessary for service delivery. At no point is data used for marketing, profiling, or shared with unauthorized third parties.
IX. Rights of the Data Subject
​
If your personal data is processed, you have the following rights:
​
1. Right to Access
You have the right to request information about the data we process concerning you (Art. 15 GDPR).
​
2. Right to Rectification
You can request that we correct inaccurate data (Art. 16 GDPR).
​
3. Right to Restriction of Processing
You can request that we limit the processing of your data under certain conditions (Art. 18 GDPR).
​
4. Right to Erasure
You can request the deletion of your data under certain circumstances (Art. 17 GDPR).
​
5. Right to Object
You can object to the processing of your data based on Art. 6(1)(e) or (f) GDPR at any time (Art. 21 GDPR).
​
6. Right to Data Portability
You have the right to receive your data in a machine-readable format or have it transferred to another controller (Art. 20 GDPR).
​
7. Right to Withdraw Consent
You have the right to withdraw your consent at any time (Art. 7(3) GDPR).
​
8. Right to Complain to a Supervisory Authority
If you believe your data is being processed unlawfully, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
​
X. Contact Information of the Data Protection Officer
​
For questions regarding data protection, you can contact us at:
Email: info@melasoft.com
This is a paragraph where you can add any information you want to share with website visitors. Click here to edit the text, change the font and make it your own.
Melasoft GmbH - Terms and Conditions for Peppol Access Point Service
​
1. General Provisions
Melasoft GmbH operates an online service as a Peppol Access Provider, accessible through various domains, including melasoft.com. This service supports businesses in creating, sending, and managing documents related to commercial invoicing (e.g., invoices, credit notes, reminders, offers). The service provider is Melasoft GmbH, located at Gerbermihlistraße 32, 60594 Frankfurt am Main (hereinafter referred to as "Melasoft").
These terms and conditions apply to all current and future business relationships between the user and Melasoft. Any conflicting, differing, or supplementary terms and conditions from the user (including, for example, purchase conditions) will not become part of the contract unless explicitly agreed upon in writing at the time of contract conclusion. Any standard references to the user's terms and conditions are hereby explicitly rejected.
​
2. Subject of the Contract
The subject of the usage contract is the provision of the service to the user, allowing them to utilize its functionalities.
The scope of services provided is based on the service package selected by the user and generally includes the ability to create, send, and manage various documents related to business accounting.
Additionally, the user can opt to send documents created via the service through email. The user is informed that the delivery of emails to recipients occurs over the public infrastructure of the internet. Melasoft is only responsible for sending the email, not for ensuring its successful delivery to the recipient.
Compliance with tax, legal, and regulatory requirements when creating documents is the sole responsibility of the user. Melasoft does not provide any tax advisory services.
​
3. Conclusion of the Contract
The use of the service is only possible under a usage contract. The conclusion of a contract for the use of the service is only available to entrepreneurs, legal entities under public law, or special public funds.
The user is obligated to provide truthful information about themselves and their business when concluding a usage contract and to keep their information up to date.
Melasoft initially offers contracts for free, time-limited, and heavily restricted usage with limited functionality intended only for testing purposes. In this case, the provision of the registration form by Melasoft constitutes an offer to conclude such a contract. The user accepts this offer by completing and submitting the form with the corresponding button.
Melasoft also offers contracts for paid usage. The user can view and select available service packages in their account by clicking the "Select Package" button. This selection constitutes a binding offer to conclude a paid contract. The user accepts this offer by entering their payment details and confirming with the corresponding button.
The user has the opportunity to review their information before submitting their contract declaration and correct it by changing the appropriate fields. Furthermore, they can review the services they have selected and modify them by activating the corresponding selection boxes.
Melasoft will promptly confirm receipt of the contract declaration by sending an email to the user. The contract is available in English. The contract text is stored by Melasoft but is not accessible to the user.
​
4. Provision of the Service
The service is made available to the user upon registration for free usage contracts and upon activation by Melasoft for paid usage contracts.
The point of delivery for the provision of the service is the router exit of Melasoft's data center. Melasoft guarantees an availability of 98% of the service at the point of delivery on an annual average.
​
5. Additional Services from Melasoft
In addition to the core functionalities of the service, Melasoft also offers other paid additional services to users.
The exact scope of services is defined in the respective service descriptions and can be utilized according to the available options.
To use certain services, the user can top up a prepaid account on a credit basis. Balances on this account do not accrue interest.
​
6. Usage Rights
Melasoft grants the user a simple, non-sub-licensable, and non-transferable right to use the service for their own business purposes during the term of the contract.
The user is not granted any rights that are not explicitly mentioned. In particular, the user is not entitled to allow third parties to use the service or to use the service to provide services for third parties, such as creating, sending, or managing documents for third parties.
If and to the extent that a database, databases, or a database work or works are created on Melasoft's server during the term of the usage contract, all rights thereto belong to the user. The user remains the owner of the databases or database works even after the end of the contract.
​
7. Fees and Payment
If the use of the service is subject to fees, the costs are determined according to the information in the respective price list.
All prices are subject to VAT. All payments must be made in advance and can be made using the available payment methods. Melasoft has contracted a qualified payment provider to collect payments, who also stores the payment information.
If Melasoft offers payment by credit card, the credit card will be charged immediately after the purchase process is completed using the provided credit card details.
If Melasoft offers payment via PayPal, the PayPal account will be charged immediately after the purchase process is completed using the provided PayPal account.
If the parties agree on the "direct debit" payment method, the user grants Melasoft a SEPA Core Direct Debit Mandate or SEPA Business Direct Debit Mandate to collect the respective amount due, including for recurring payments and obligations of varying amounts. The notice period for the pre-notification (Pre-Notification) is reduced to one day where permissible. The user assures that the account has sufficient funds.
If the parties agree on the "Stripe" payment method, the user makes a transfer of the respective amount due to Melasoft.
Costs incurred due to non-redemption or chargeback of a payment order shall be borne by the user unless the non-redemption or chargeback was caused by Melasoft.
​
8. User Obligations
The user chooses access credentials for the purpose of using the service. The user is obligated to keep these access credentials confidential and to inform Melasoft immediately of any loss or unauthorized use of the access credentials by third parties. The user is not permitted to provide access credentials to third parties. Melasoft is entitled to block access credentials if there is suspicion of unauthorized use or misuse of the data.
The user may only use the service for their own business purposes. The use of the service for sending advertisements of any kind, particularly via the provided email functions, is not permitted.
To use the service, the user must have an internet connection, an internet-enabled device, and an up-to-date internet browser, the costs of which must be borne by the user.
The user is obligated to regularly, at least daily, back up the data stored in the service, namely the created or managed documents, by downloading them.
If the service provides interfaces to third-party systems, the user is solely responsible for checking the consistency, completeness, accuracy, and timeliness of the incoming or outgoing data.
The user is responsible for complying with tax and commercial law retention obligations, such as those under §§ 238, 257 HGB, and § 147 AO.
​
9. Data Protection
The parties will observe the applicable data protection regulations, particularly those valid in the European Union.
If the user collects, processes, or uses personal data of third parties, they ensure that they are authorized to do so under the applicable, especially data protection, regulations and indemnify Melasoft against claims from third parties in case of violation.
Melasoft provides a template for a data processing agreement, which can be requested and concluded by the customer at any time.
As part of the Service’s advanced features, Melasoft GmbH utilizes third-party AI-based services provided by OpenAI, L.L.C. (San Francisco, USA), specifically through API access, to enable functionalities such as automated text classification, invoice parsing, and intelligent content generation. In the course of using such features, certain input data (e.g., invoice line items, transaction descriptions, document metadata) may be securely transmitted to OpenAI for processing.
Melasoft ensures that only the minimum necessary data is transmitted and that OpenAI’s services are used in compliance with applicable data protection laws. OpenAI does not use API data for training purposes, and, unless explicitly agreed otherwise, data is retained only for up to 30 days for abuse monitoring purposes.
By using the Service, the user acknowledges and accepts the involvement of such third-party AI services for the proper functioning of certain features.
10. Liability
The parties are liable to each other for damages caused by willful intent or gross negligence by themselves, their legal representatives, or vicarious agents, without limitation.
In the case of slight negligence, the parties are liable without limitation for injury to life, body, or health.
Otherwise, a party is only liable to the extent that it has violated an essential contractual obligation. Essential contractual obligations are those obligations that are of particular importance for achieving the contractual purpose and whose breach endangers the achievement of the contractual purpose. In these cases, liability is limited to the foreseeable, typically occurring damage. Melasoft's no-fault liability for damages pursuant to §536a BGB for defects existing at the time of contract conclusion is excluded; the preceding paragraphs remain unaffected.
Liability under the Product Liability Act remains unaffected.
​
11. Term and Termination
The contract for free use begins upon contract conclusion, runs for the specified period, and can be terminated by either party without notice.
The term of the contract for paid use of the service begins upon activation by Melasoft and runs for the agreed period. The contract can be terminated by the user with one day's notice to the end of the term using the online functions provided. Otherwise, termination requires at least text form and is subject to a notice period of seven days to the respective end of the term.
The term of a contract for paid use of the service is automatically extended by the chosen term if it is not terminated in due time.
If the user unilaterally discontinues the use of the service before the end of the notice period, the costs for the unused remaining term of their contract will not be refunded.
Melasoft may terminate the contract without notice if the user is in default with payment of the prices or a significant part of the prices for two consecutive months or with payment of an amount that reaches the price for two months over a period extending beyond two months. In this case, Melasoft may also demand a lump-sum compensation of a quarter of the remaining monthly basic fee until the end of the regular contract term, payable immediately in a single sum. The user is entitled to prove that the damage was less.
​
12. Changes to These Terms and Conditions
Melasoft has the right to change the provisions regarding the service to be provided, considering technical requirements and market conditions, as long as this is reasonable for the user.
Changes to these Terms and Conditions will be published within the service. Users will be informed of changes that do not fall under paragraph 1 in text form. The changes become effective unless the user objects to the respective changes within 14 days after receiving the notification of change. The user will be informed of the significance of their silence together with the change notification.
​
13. Final Provisions
The law of the Federal Republic of Germany applies. The provisions of the UN Convention on Contracts for the International Sale of Goods do not apply.
If the user is a merchant, a legal entity under public law, or a special public fund, the exclusive jurisdiction for all disputes arising from this contract is our business location. The same applies if the user has no general place of jurisdiction in Germany or if their domicile or usual place of residence is unknown at the time of filing the lawsuit.