Effective Date: January 1, 2019
Information Collection and Use; Personal Information
We may ask you to provide us, or our customers (data controllers) may provide us, with certain Personal Information that can be used to contact or identify you. Personal Information may include, but is not limited to, your name, job title, email address, IP address, LinkedIn URL, phone number, mailing address, picture and employer. We process Personal Information for the purpose of providing the Services, identifying and communicating with you about the Services, responding to your requests/inquiries, servicing your purchase orders, improving our Services, and communicating with you about our Services, discounts, and promotions.
How Long We Keep Your Personal Information
How long we keep information we collect about you depends on the type of information, as described in further detail below. We will either delete or anonymize your information or, if this is not possible due to our contractual obligations to our customers (data controllers) then we will securely store your information until deletion is possible.
We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, it will be anonymized and used to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by your employer under our agreement with your employer as required by the administrator of your account. If your account is deactivated, your information and conversations you may have had and actions you may have taken on the Services will remain in order to allow your team members to make full use of the Services.
If you have elected to receive marketing emails from us, we retain information about your marketing preferences for 2 years from the date you last expressed interest in our Services. Every marketing email we send will provide you with the option to opt out of receiving future emails.
Accessing and Correcting Your Personal Information
In addition, you may access, update, correct or have removed from our systems and records the Personal Information our customers (data controllers) have provided about you by contacting them directly.
Information Collected Directly from You
We collect information about you when you provide it to us and automatically when you use the Services.
We collect information that your browser sends whenever you visit our website or use our Services (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages you visit, the time and date of your visit, the time spent on those pages and other statistics. In addition, we use third party services from HubSpot and Google that collect, monitor and analyze this type of information in order to increase our Services’ functionality. These third-party service providers have their own privacy policies addressing how they use such information. When you access the Services by or through a mobile device, we collect certain information automatically, including the type of mobile device you use, your mobile device’s unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, and your general location information as described further below.
We may use and store information about your general location. We use this information to provide features of our Services and to improve and customize our Services.
Other Users of the Services
Other users of our Services may provide information about you when they use the Services. For example, we receive your name and digital assets containing your picture from other Service users acting as data controllers when they use the services we provide.
Service Providers who may Receive Your Personal Information
Notwithstanding such legal and contractual obligations between us and such service providers, we remain potentially liable for any misuse of your Personal Information. We will disclose Personal Information when we are required to do so in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Communications; Your Options
Once you opt-in, we may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send, or by emailing firstname.lastname@example.org.
Security of Personal Information
The security of your Personal Information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure.
International Transfer of Personal Information
Your Personal Information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide Personal Information to us, please note that we transfer Personal Information to the United States and process and maintain it there. By submitting your Personal Information, you are agreeing to this transfer, storing or processing. If we transfer your information outside of the European Economic Area in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
For EU Users
This section applies only to Users located in the European Union.
Contact Information for the Data Controller
This paragraph pertains only to individuals for whom Merlin Compliance is a “controller” within the meaning of Regulation (EU) 2016/679 of the German Parliament and of the Council of 27 April 2016 (“GDPR”):
Controller of your Personal Information:
Merlin Compliance, Inc. 17 Whitney Road Quincy, MA 02169 Phone: +1 617-328-6645 Email: email@example.com Data Protection Officer: Jeff Seidensticker, Data Protection Officer & COO, 17 Whitney Road Quincy, MA 02116
Legal Bases for Processing EU Users’ Personal Information
We only process your information when we have the legal basis to do so. That is, we will only process your Personal Information when:
- We need it to provide you the Services;
- You give us consent for a specific purpose; or
- It satisfies legitimate interests (which are not overridden by your data protection interests), such as for improving, marketing, and promoting the Services and protecting our legal rights;
- We need to process your data to comply with our legal obligations to our customers.
Transfer of EU Users’ Personal Information Outside the EU
Since we are a US based company with no facilities or representatives in the EU, we will transfer your Personal Information to the United States for processing and maintenance.
You have control over your Personal Information. Below are the rights you have and the steps you can take to exercise them. Please note that your rights may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your employer are permitted by law or have compelling legitimate interests to keep, and it may take time for us to investigate your request. If you believe that we are not respecting your rights with regard to your Personal Information, you may lodge a complaint with your local supervisory authority.
Right to Access
You have a right to request a copy of the Personal Information that we hold. To request this information, please email us at firstname.lastname@example.org.
Right to Rectification
If you believe that any Personal Information that we hold is incorrect, you have the right to correct that information. You can request a change your personal information by emailing us at email@example.com.
Right to Erasure, Restriction, or Objection to Processing
If you believe we do not have the right to process your information or you object to our processing for a particular purpose, or if you want us to erase your Personal Information altogether, please email us at firstname.lastname@example.org.
Right to Withdraw Consent
If you gave us consent to process your Personal Information for a particular purpose, you have the right to withdraw that consent by emailing us at email@example.com. Your withdrawal of consent does not affect the lawfulness of our processing of your Personal Information prior to the withdrawal.
You have the right to obtain the Personal Information that you have directly submitted to us. If you want to exercise this right, please email us at firstname.lastname@example.org.
How to Contact Us