Mercell's Privacy Policy

This privacy policy applies to the information and data collected and processed when surfing on this website, submitting forms on the Mercell webpage for sales, marketing, and communication when registering into the Mercell portal when using the Mercell platform, or several other activities described in this policy. 

 

This privacy policy describes how we collect, receive, store, use, transfer, and process your data for the aforementioned activities with Mercell users and customers. Moreover, it also describes your rights as a data subject, such as retrieving consent, correcting your personal data, and, in general, how to exercise your rights as a data subject. Several of the activities described in this policy are voluntary and rely on the consent of the user. Such are described in detail in the processing activities section of this document. Data related to the use of the platform and portal registration is regulated in the section Privacy Notice for portal subscription and platform. 

 

We at Mercell (hereinafter referred to as "Mercell," "We," or "we") strive to use as little personal data as possible. That is why, for example, we have a different section regarding our cookies policy and the use of any third-party cookie trackers through this Website. If you want to learn more about our cookies policy, please click on the following link.  

Definitions and Legal Reference

Before continuing to read our policy, we want to make sure you understand the terminology used in this document. We kindly ask you to get familiar with these definitions before continuing to read this privacy policy. The mentioning of these definitions does not imply the use, collection, or processing of any data that is not strictly mentioned in the respective section of this privacy policy. 

 

Cookies

Cookies are small sets of data stored in the User's device when visiting a website, either by the website operator or by third parties the web operator has a relation with. More about our cookie policy can be read in the respective policy. 

 

Personal Data (or Data)

Personal data is considered as any information that directly or indirectly, alone or in combination with other types of information, allows one to identify or become identifiable as a natural person. This implies that a variety of information could be considered personal data, such as telephone numbers, and e-addresses, among others.

 

Data Subject:

The natural person to whom the Personal Data refers.

Data Processor 

The natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Controller, as described in this privacy policy. In this case, the data processor is HubSpot Inc. More details about the processor can be found in the respective section.

 

 

Data Controller 

The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is Mercell.

European Union  and European Economic Area ( EU/EEA)

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

Usage Data

Information is collected automatically through websites, which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

User

Anyone who uses this Website and those who subscribe to the service, portal, or platforms of Mercell. which, unless otherwise specified, coincides with the Data Subject.

Tracker

Tracker is defined as any technology that enables the tracking of Users, for example, by accessing or storing information on the User’s device. Examples of trackers could be Cookies, unique identifiers, web beacons, embedded scripts, e-tags, and fingerprinting.  

Website 

A collection of interlinked Web pages that share a single domain name. Webpage is understood as a hypertext document on the World Wide Web. Web pages are delivered by a web server to the user and displayed in a web browser.

Legal information summary

This privacy statement has been prepared based on provisions of several legislations, including the EU 2016/679 (General Data Protection Regulation), also known as GDPR.

This privacy policy relates solely to the processing activities described in it. Therefore it does not cover other services, that might be described in different documents. 

The requesting of the service is voluntary and entails that the aforementioned information be processed by Mercell to provide the services requested and provide.  The user is at any moment able to request the correction, modification, and erasing of his/her personal data.

Type of processing 

Personal Data is collected for the following purposes and using the following services:

1) Sending emails and communication between individuals or organizations.

 

This includes transmitting messages, sharing information, recording calls or demos under the data subject request to be shared, and enabling efficient and effective communication between the user and Mercell.

 

  • Categories of Personal Data: The personal data processed for email and communication purposes may include:

 

  • Contact Information: This includes names, email addresses, phone numbers, and any other relevant contact details necessary for initiating and maintaining communication.

 

  • Communication Content: This refers to the actual content of the messages sent, such as email text, attachments, images, or other media shared during communication.

 

  • Communication History: Data related to customer interactions, including sales inquiries, support requests, and correspondence, may be processed to track customer engagement and provide personalisedpersonalized assistance.

 

  • Metadata: Metadata associated with the communication may be processed, including timestamps, sender and recipient information, IP addresses, and other technical data that helps manage and track the communication process.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data for email and communication purposes may vary depending on the specific situation and applicable laws. Common legal bases include:

 

  • Consent: In the case of potential customers or users that contact the company for information on prices, request or recording demos and marketing. The individual shall have provided their explicit consent to send them emails or communicate with them. Thus, processing may be based on their consent. This can be withdrawn by sending a request to the contact email address.

 

  • Contractual Necessity: When communication is necessary to fulfill a contract or to take pre-contractual steps at the request of the data subject, the processing may be based on the necessity of the contract. This is related to communication with customers.

 

  • Legitimate Interests: The processing may be justified under this legal basis, such as in the case of communicating considered essential or required by law the data subject.

2) Facilitate marketing communications with individuals or organizations.

 This includes sending promotional materials, updates, offers, and other marketing messages to promote products, services, or events.

 

  • Categories of Personal Data: The personal data processed for marketing communications may include:

 

  • Contact Information: This includes names, email addresses, phone numbers, job titles, postal addresses, and any other relevant contact details necessary for delivering marketing communications.

 

  • Demographic Information: Additional demographic data such as location, preferences, and purchasing history which may be processed to personalize marketing messages and tailor them to specific target audiences.

 

  • Interaction Data: Information about individuals' interaction with marketing materials, such as email open rates, click-through rates, website visits, and engagement with specific campaigns, may be processed to evaluate and optimize marketing strategies.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data for marketing communications may vary depending on the specific situation and applicable laws. Common legal bases include:

 

  • Consent: If individuals have provided their explicit consent to receive marketing communications, the processing may be based on their consent. Consent should be freely given, specific, informed, and revocable.

 

  • Legitimate Interests: Legitimate interests may include direct marketing, in the case of previous customer relationship management, that has not opted out of the marketing messages.

 

  • Data Recipients: In the context of marketing communications, the recipients of personal data may include:

 

  • Marketing Teams: Personal data may be accessed and processed by individuals or teams responsible for planning, executing, and evaluating marketing campaigns and strategies.

 

  • Service Providers: Data may be shared with third-party service providers who assist in delivering marketing communications, such as email service providers, marketing automation platforms, customer relationship management (CRM) systems, or advertising networks.

3) Sales Process:

Including customer acquisition, lead management, order fulfillment, and customer relationship management. This involves collecting, analyzing, and utilizing personal data to support sales activities and provide a personalized experience for customers.

 

  • Categories of Personal Data: The personal data processed for sales purposes may include

 

  • Contact Information: This includes names, email addresses, phone numbers, postal addresses, Job title, and any other relevant contact details necessary for establishing and maintaining communication with potential or existing customers.

 

  • Transactional Data: Information related to customer transactions, such as purchase history, order details, payment information, and billing/shipping addresses, may be processed to manage sales orders and provide customer support.

 

  • Communication History: Data related to customer interactions, including sales inquiries, support requests, and correspondence, may be processed to track customer engagement and provide personalized assistance.

 

  • Sales Analytics: Sales data, including conversion rates, sales performance, and customer preferences, may be processed to analyze sales trends, identify opportunities, and optimize sales strategies.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data in sales may vary depending on the specific situation and applicable laws. Common legal basis include

 

  • Contractual Necessity: When processing personal data is necessary for the performance of a contract or to take pre-contractual steps at the request of the data subject, the processing may be based on the necessity of the contract.

 

  • Legitimate Interests: The processing may be justified under this legal basis. Legitimate interests due to customer relationship management, mutual benefit for both parties and sales analytics.

 

  • Consent: If individuals have provided their explicit consent to the processing for sales analytics or for communication-related to that, the processing may be based on their consent. Consent should be freely given, specific, informed, and revocable.

4) Use of analytics tools

to analyze and understand user behavior in order to improve website functionality and provide a better user experience. It involves collecting and analyzing data to gain insights into how visitors interact with a website, platforms optimize content and design, and make data-driven decisions.

 

  • Categories of Personal Data: The personal data processed during webpage surfing and the use of analytics tools may include:

 

  • Usage Data: This includes information about how visitors interact with the website, such as the pages visited, time spent on each page, click patterns, scroll depth, and session duration. It helps understand user engagement and behaviour.

 

  • Device and Technical Data: Information about the devices used to access the website, such as IP addresses, device type, operating system, browser version, screen resolution, and language preferences, may be processed for troubleshooting, optimization, and ensuring compatibility.

 

  • Referral Data: Data regarding the source that directed the user to the website, such as search engine queries, referring URLs, campaign parameters, or social media referrals, may be processed to assess marketing efforts and measure website traffic.

 

  • Demographic Data: Optional demographic information voluntarily provided by users' location may be processed if collected through consent-based mechanisms, such as surveys or user preferences.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data during webpage surfing and the use of analytics tools may vary depending on the specific situation and applicable laws. Common legal bases include:

 

  • Consent: Consent is required under applicable data protection regulations; users are asked for consent before tracking their activities using analytics tools.

5)  Demo and brochure request

Data is processed to provide the requested materials and communicate with the requester regarding the requested service. The collected data is used to fulfill the specific service request and to provide relevant information about the Mercell services.

  • Categories of Personal Data: The personal data collected for the request of a demo and brochure may include

 

  • Contact Information: This includes names, email addresses, phone numbers, postal addresses, job titles, company name, and any other relevant contact details necessary for establishing and maintaining communication with potential or existing customers.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data for the request of a demo and brochure may vary depending on the specific situation and applicable laws. Common legal bases include:

 

  • Contractual Necessity: If the data processing is necessary for the performance of a contract or to take pre-contractual steps at the request of the data subject, the processing may be based on the necessity of the contract.

 

  • Consent: The request for a brochure is freely given, specific, informed, and revocable at the moment of sending the request. Thus the processing of the data is based on consent 

6) Invoice handling:

Ensuring accuracy, facilitating payment, and maintaining proper financial records. It involves collecting, processing, and storing personal and financial data necessary for invoicing purposes.

 

  • Categories of Personal Data: The personal data processed for invoice handling and sending may include:

 

  • Contact Information: This includes the name, address, email address, and phone number of the invoiced party or the designated recipient for sending the invoice.

 

  • Financial Information: Personal data related to financial transactions, such as bank account details, payment card information, or other payment-related information, may be processed for the purpose of invoice payment and record-keeping.

 

  • Tax Identification Information: In certain jurisdictions, tax identification numbers or other tax-related information may be processed to comply with applicable tax laws and regulations.

 

  • Product or Service Details: Information related to the products or services provided, such as descriptions, quantities, prices, and any applicable taxes or discounts, may be processed for accurate invoicing.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data for invoice handling and sending may vary depending on the specific situation and applicable laws. Common legal bases include:

 

  • Contractual Necessity: Processing personal data for invoice handling and sending is necessary for the performance of a contract between the invoiced party and the data controller.

 

  • Compliance with Legal Obligations: Processing personal data may be necessary to comply with legal obligations, such as tax laws and regulations related to invoicing and record-keeping.

7) Storing and protecting customer data in a database

This is to maintain a centralized and organized repository of information related to customers. It involves collecting, organizing, and storing personal data to enable effective customer management, communication, and support.  For Customers of the S2C platform, there will be required to integrate data from a different mercell platform to the CRM system. This process will use Opic to automate the data export, reduce the risk of data loss and human errors, and keep the data up-to-date across systems. 

 

  • Categories of Personal Data: The personal data processed for storing customer data in a database may include:

 

  • Identification Information: This includes the customer's name, address, country, contact details (such as phone number and email address), any unique identifiers (such as customer ID or account number), job title, organization name, and VAT number. 

 

  • Transaction History: Details of customer transactions, including purchase history, order details, payment information, and invoicing data, may be stored for reference, analysis, and customer service purposes.

 

  • Communication History: Records of past interactions between the customer and the organization, such as emails, chat logs, support tickets, or call recordings, may be stored to provide a comprehensive customer service experience.

 

  • Consent and Preferences: Information related to customer consent for marketing communications and preferences for specific products, services, or communication channels may be stored to ensure compliance and deliver personalized experiences.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data in storing and protecting customer data in a database may vary depending on the specific situation and applicable laws. Common legal bases include:

 

  • Contractual Necessity: When processing personal data is necessary for the performance of a contract or to take pre-contractual steps at the request of the data subject, the processing may be based on the necessity of the contract.

 

  • Legitimate Interests: The processing may be justified under this legal basis due to customer relationship management, mutual benefit for both parties, and sales analytics.

 

  • Compliance with Legal Obligations: Processing personal data may be necessary to comply with legal obligations, such as tax laws and regulations related to invoicing and record-keeping.

8) Tag management

Manage and deploy tags on a website or digital platform. Tags are snippets of code that collect data or enable third-party services, such as analytics, advertising, or remarketing. Tag management systems streamline the process of implementing and maintaining tags, improving website performance and data governance.

 

  • Categories of Personal Data: The personal data processed in the context of tag management may include:

 

  • User Identification: Tag management systems may collect and process user identification data, such as IP addresses, device information, or cookies, for the purpose of associating user interactions with specific tags or tracking user behavior.

 

  • Interaction Data: Tag management systems may collect and process data related to user interactions, such as clicks, page views, form submissions, or other engagement metrics. This data helps track user behavior and trigger relevant tags or services.

 

  • Analytics Data: Tag management systems may integrate with analytics platforms to collect and process aggregated and anonymized data about user behavior, website performance, or campaign effectiveness. This data helps optimise the website and improve user experiences.

 

  • Consent Data: In the context of consent management, tag management systems may collect and process data related to user consent preferences, such as consent status, consent timestamps, or cookie consent choices. This data helps ensure compliance with applicable data protection laws and regulations.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data for tag management may vary depending on the specific situation and applicable laws. Common legal bases include:

 

  • Legitimate Interests: Legitimate interests include website performance improvement, data accuracy, and user experience enhancement.

 

  • Consent: Consent is obtained in accordance with legal requirements and must be freely given, specific, informed, and revocable.

9) Email validation

To verify the accuracy and validity of email addresses provided by users. The tool analyses email addresses to identify potential errors, inaccuracies, or fraudulent addresses, ensuring that businesses can maintain a clean and reliable email list for effective communication.

 

  • Categories of Personal Data: The personal data processed in the context of an email validation tool may include:

 

  • Email Addresses: The tool processes the email addresses provided by users for validation purposes. This data is used to verify the syntax, domain, and overall validity of the email address.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data for an email validation tool may vary depending on the specific situation and applicable laws. Common legal bases include:

 

  • Legitimate Interests: Validating email addresses helps ensure the efficiency of communication, prevents potential issues caused by invalid or inaccurate email address and ensure a healthy IT environment.  

10)  Webpage heatmap

To analyze user behavior and interactions on a website, visualized through a heatmap. This data helps businesses understand how users navigate, interact, and engage with webpages, enabling them to make data-driven decisions to improve user experience and optimize webpage design.

 

  • Categories of Personal Data: The personal data processed in the context of a webpage heatmap may include:

 

  • Interaction Data: The heatmap tool collects and processes data related to user interactions on a webpage, such as mouse movements, clicks, scrolling behavior, or touch gestures on mobile devices. This data is used to generate visual representations of user activity and engagement.

 

  • Device Information: The tool may collect and process device-related data, such as IP addresses, browser types, operating systems, screen resolutions, or device models. This information helps provide context for user behavior analysis.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data for a webpage heatmap may vary depending on the specific situation and applicable laws. Common legal bases include:

 

  • Consent: The data is processed only for user consent which shall be obtained before processing personal data for a webpage heatmap, especially if additional processing activities or data retention is involved.

11) User Development Training

The purpose of this data processing activity is to facilitate the enhancement of user skills and knowledge in the field of public procurement through the utilization of a third-party vendor. The third-party vendor platform is external to the platforms and assists in the delivery of educational content and interactive learning experiences to users.

 

  • Categories of personal data: The data processed in the context of user development training includes user interactions, progress tracking, and performance. This includes Identification Information such as customer's name, address, country,  job title, contact details (such as phone number, address,  and email address), and any unique identifiers. 

 

  • Legal Basis for Data Processing: The legal basis for processing personal data in may vary depending on the specific situation and applicable laws. Common legal bases include:

 

  • Contractual Necessity: When processing personal data is necessary for the performance of a contract In case of acquiring the paid feature for training within platforms  

 

  • Consent: In case the processing is related to a free training trial or additional information is not required to be given to the customer, the processing of this data is related to the consent provided by the user at the moment of taking the training course or making the input of the data field.

12)   Subscription system management

This data processing activity involves the processing of customer data for subscription orders, licenses, and invoices. The ERP system consolidates financial and contact information from customers, such as subscription order records, number of license orders, payment amounts, and bank details for invoicing and invoice sending. The purpose of this data processing activity is to enable the functionality for customers to subscribe to Mercell services and facilitate the invoicing process and other financial operations needed for completing the order of the subscription requested by the customer. The subscription management system is built with several integrations with the Netsuite system, the integrations of the system provide order confirmation, and invoice sending. This also includes the billing system and the e-invoice functionality of the system. 

 

  • Categories of personal data: The personal data processed in the context of subscription system management may include:

 

  • Contact Information: This includes the name, address, email address, and phone number of the invoiced party or the designated recipient for sending the invoice.

 

  • Financial Information: Personal data related to financial transactions, such as bank account details, payment card information, or other payment-related information, may be processed for the purpose of invoice payment and record-keeping.

 

  • Tax Identification Information: In certain jurisdictions, tax identification numbers or other tax-related information may be processed to comply with applicable tax laws and regulations.

 

  • Product or Service Details: Information related to the products or services provided, such as descriptions, quantities of licenses, prices, and any applicable taxes or discounts, may be processed for accurate invoicing.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data for subscription system management may vary depending on the specific situation and applicable laws. Common legal bases include:

 

  • Contractual Necessity: Processing personal data for subscription handling is mainly conducted to perform the contract between the Mercell party and the data user that acquired different types of subscriptions.

 

  • Compliance with Legal Obligations: Processing personal data may be necessary to comply with legal obligations, such as tax laws and regulations related to invoicing and record-keeping.

13. Digital signature

This data processing activity involves the digital signature of documents for order confirmation and invoice. This activity also includes notification via email and email authentication for email sending. 

 

Categories of personal data: The personal data processed in the context of digital signature may include:

 

Contact Information: Which includes the name, address, email address, job title and phone number, and company number of the signing party. These details are essential for uniquely identifying the signer and associating their signature with the document.

 

Legal Basis for Data Processing: The legal basis for processing personal data for digital signatures may vary depending on the specific situation and applicable laws. Common legal bases include

 

Legitimate interest: In the context of document signing, the organization's interest in ensuring document integrity and, signing party authentication, the individual's interest in securely signing documents align under legitimate interest.

14. Maintaining and supporting the system

These data processing activities involve any type of Maintenance and support of IT systems, which involves regular monitoring, updates, and troubleshooting to ensure smooth and secure operation from the subscription management system. 

 

  • Categories of personal data: The personal data processed in the context of maintaining and support may include all the data included in te subscription management system item:

 

  • Contact Information: This includes the name, address, email address, and phone number of the invoiced party or the designated recipient for sending the invoice.

 

  • Financial Information: Personal data related to financial transactions, such as bank account details, payment card information, or other payment-related information, may be processed for the purpose of invoice payment and record-keeping.

 

  • Tax Identification Information: In certain jurisdictions, tax identification numbers or other tax-related information may be processed to comply with applicable tax laws and regulations.

 

  • Product or Service Details: Information related to the products or services provided, such as descriptions, quantities of licenses, prices, and any applicable taxes or discounts, may be processed for accurate invoicing.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data may vary depending on the specific situation and applicable laws. Common legal bases for this include

 

  • Legitimate interest: In the context of maintenance, the organization's interest in ensuring system integrity and the smooth operation of the system

 

  • Contractual Necessity: Processing personal data for being able to continue providing the service included in the subscription contract between the Mercell party and the data user that acquired different types of subscriptions.

15) Data Lakes and Warehousing Management

This data processing activity involves the acquisition, storage, and management of data lakes and data warehousing systems within our organisation for statistical analysis and development purpose. The process encompasses various stages, analytics, monitoring anomalies, data application development, and the secure sharing and consumption of real-time or shared data within our CRM system .

 

  • Categories of data: The data   is related to the organisation data 

 

  • Contact Information: This includes the organisation name, address and phone number of the invoiced party or the designated recipient for sending the invoice.

 

  • Financial Information: organisational data related to financial transactions, such as bank account details, payment card information, or other payment-related information, may be processed for the purpose of invoice payment and record-keeping.

 

  • Tax Identification Information: In certain jurisdictions, tax identification numbers or other tax-related information may be processed to comply with applicable tax laws and regulations.

 

  • Product or Service Details: Information related to the products or services provided, such as descriptions, quantities of licenses, prices, and any applicable taxes or discounts, may be processed for accurate invoicing.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data may vary depending on the specific situation and applicable laws. Common legal bases for this include

 

  • Legitimate interest: Legitimate interest allows for the processing of personal data when it is necessary for a legitimate purpose and when the individual's interests, rights, and freedoms are not overridden. For this particular purpose Enhanced Data Analysis: The organization has a legitimate interest in creating a data lake to facilitate advanced data analysis, fostering insights that drive informed decision-making. Improved

 

  • Operational Efficiency: The organization aims to streamline data storage and access, promoting efficiency in data handling and reducing redundancy. Innovation and Development the creation of a data lake aligns with the organization's interest in fostering innovation, enabling the development of new data-driven applications and solutions.

 

  • Business Intelligence: Establishing a data lake supports the organization's legitimate interest in leveraging business intelligence tools for strategic planning and forecasting.

16 Data Processing Activity

Responding to compliance questionnaires and providing assurance and audit reports, along with relevant company documents. The delivery of these documents is managed through an interface, which may require personal data such as the recipient's name, email address, and occasionally, the signature of an NDA for secure transmission.

 

Categories of Personal Data:

  • Contact Information: Includes name and email address of the document recipient.

 

  • Legal Basis for Data Processing: The legal basis for processing personal data for  is contractual necessity as explained bellow

 

  • Contractual Necessity: Processing is required to fulfil contractual obligations associated with responding to client requests and delivering requested documentation to ensure compliance.

 

  • Consent: In cases where additional personal information is needed, or there is no contract between mercell and the data subject, and the revision is not related to pre contractual relationship, the data subejct shall consent to the processing of the data  obtained from the individual for processing that data.

Relevant parties

Data Controller

Mercell 

Webpage: www.mercell.com 

post@mercell.com

 

Data Processors

A) Hubspot Inc

1 Sir John Rogerson's Quay, Dublin 2

Phone: +353 1 5187500

Website: https://www.hubspot.com/

Place of processing: Germany, Ireland, United State.

Use for data processing:1,2,3,4,5,6.,7



B) Google Ireland LTD 

Gordon House Barrow Street Dublin 4,

Phone: 353 1442 9610

Website: https://policies.google.com/privacy?hl=en-US

Place of processing: Germany, Ireland, Bulgaria

Use for data processing: 8

 

C) Hotjar Ltd

Dragonara Business Centre 5th Floor, Dragonara Road,

Paceville St Julian's STJ 3141

Phone number: (855) 464-6788.

Website: https://www.hotjar.com/privacy/

Place of processing: Malta, Ireland, Germany, UK, Spain

Use for data processing: 10



D) ZeroBounce

Yanonali St., Santa Barbara, California 93101

Phone number: EU: +44-330-808-4814

Website: https://www.zerobounce.net/

Place of processing: Romania, Germany 

Use for data processing:  9



E) 360LEARNING

French Société Anonyme, with registered offices at 117 rue de la Tour,

75116

Phone Number: +44 7548255001

Website: https://360learning.com/

Place of processing: France, Ireland 

Use for data processing: 11

 

F) Oracle Corporation UK Limited

Thames Valley Park Reading RG6 1RA United Kingdom

Phone number:   +44 118 924 0000

Website: www.netsuite.com

 Place of processing: 

UK, Netherlands, Germany

Use for data processing: 12

 

G) Workato 

WeWork, 1 Poultry London EC2R 8EJ

Website: https://www.workato.com/

Place of processing: Germany 

Use for data processing: 12

 

H) MonetizeNow Netherlands B.V.

Korte Lijnbaanssteeg 1-4212

1012SL, Amsterdam

The Netherlands

Website: https://www.monetizenow.io/

Place of processing: Sweden. USA. 

Use for data processing: 12

 

I) Zone &co Company Software Consulting EMEA B.V.

Evert van de Beekstraat 11118 CL Schiphol

Website: https://www.zoneandco.com/

Place of processing: Germany, Ireland, Luxembourg

Use for data processing: 12

 

J) DocuSign International (EMEA) Limited

5 Hanover Quay, Grand Canal Dock, Dublin, D02 VY79, Ireland

Website: https://www.docusign.com/company/contact-us

Place of processing: Ireland

Use for data processing: 13

 

K) Novutech ApS

Oesterbrogade 226 st 1  Suite 177 Copenhagen, 2100
Website: https://novutech.com/

Place of processing: Denmark, Belgium 

Use for data processing: 14

 

L) Attlassian 

Herbert Smith Freehills Llp Exchange House, Primrose Street, London, EC2A 2EG. 

Website: https://www.atlassian.com/

Place of processing: Germany Ireland 

Use for support tickets 

 

M) Techtorch 

Website: https://www.techtorch.io/

 Place of processing  Woodside, California, USA

Use for data processing: 14 (Only CRM system)



N) Snowflake Inc 

Bozeman, Suite 3A, 106 East Babcock Street, United States,

Website: www.snowflake.com 

Place of processing: USA

Use for data processing: 15 

 

O) Microsoft B.V.

Evert Van De Beekstraat 354, 1118 CZ, Schiphol

Website: https://www.microsoft.com/nb-no/

Place of processing: Netherlands

Use for data processing: 1

 

P) Google Workspace  (Google Ireland LTD) 

Gordon House Barrow Street Dublin 4,

Phone: 353 1442 9610

Website: https://policies.google.com/privacy?hl=en-US

Place of processing: Germany, Ireland, Bulgaria

Use for data processing: 1



Q) Safebase Inc

41 43rd Avenue, San Francisco.

PHONE: (628) 266-2285

Website: https://safebase.io/

Place of processing: USA

Use for data processing: 16

Types of Data Collected

 

The type data collected are described in each of the processing activities. Personal Data may be freely provided by the user by consenting to some processing activities or requesting some services that require processing of personal data. In the case of another type of data, such as Usage Data, it may be collected and stored in your browser automatically when using a website, since failure to provide this Data may make it impossible for this Website to provide its services. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.

 

Users who would like to learn more about how we process and handle their data are welcome to contact Mercell. 

 

Users are responsible for any third party that obtains, publishes, or shares Personal Data through the use of this Website (such as could be the case of browsers) and confirm that they have given the third party's consent or that such third party has a valid legal basis to provide the Data to Mercell.

Methods of processing

 

Mercell takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

 

The Data processing is carried out using computers and other technical measures, following organizational procedures, such as limiting the access of the data and modes strictly related to people and systems needed to fulfill the purposes of the Service. Mercell only allows the  Data to be accessible to certain types of persons in charge involved with the operation of the processing activities. 

Legal basis for processing

 

Mercell may process Personal Data relating to Users if one of the following conditions is applicable each of the legal basis applicable are mentioned in each of the processing activities:

 

  • Users have given their consent for one or more specific purposes. The user can at any moment retrieve their consent and finish the subscription service and, therefore, the processing of personal data;

  • Provision of Data is necessary for the performance of an agreement with the User and/or for any obligations stated in the terms and conduction thereof;

  • Processing is necessary for compliance with a legal obligation to which Mercell. requires to know information about the data subject;

  • Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in Mercell 

  • Processing is necessary for the purposes of the legitimate interests pursued by Mercell or by a third party.

 Users can at any moment request Mercell to clarify the specific legal basis that applies to each case of processing, and in particular, whether the provision of Personal Data is a statutory or contractual requirement or a requirement necessary to enter into a contract. 

 

Consequences of Withholding or Withdrawing Consent for Data Processing before the fulfilling of the service

 

Consent is essential in some instances to process personal data. Mercell will clearly indicate, at the point of data collection, whether consent is necessary, partially necessary, or optional for the processing of personal data. In case the data subject withdraw the consent before the delivery of the service the data will be deleted from our system and the provision of the service will be stopped. Here’s how a lack of consent affects our services:

 

  1. Service Fully Dependent on Consent: If data processing solely relies on consent, withholding consent prevents Mercell from delivering the requested service.

  2. Partially Dependent on Consent: For services where consent is partly necessary, Mercell may only be able to deliver limited service without full consent.

     

  3. Optional Consent: If consent is an optional aspect, declining it will not impact the overall delivery of the service.

     

Fair and Lawful Collection of Information in Management Review

 

Mercell adheres to strict principles of fairness and legality when collecting personal information, ensuring that all data collection practices meet ethical and regulatory standards. Each management review cycle includes a comprehensive assessment of our data collection methods to verify that information is gathered transparently, with informed consent from data subjects. By focusing on “fair and lawful means” of collection, management reinforces Mercell's commitment to ethical data handling, ensuring compliance with data protection laws and safeguarding individual privacy rights.

 

The review process includes examining whether data was gathered under clear, understandable terms, with explicit consent where required. Management evaluates whether data subjects were fully informed of the purposes of collection, the scope of data being collected, and any potential third-party involvement. This ongoing review not only maintains high compliance standards but also reflects Mercell’s dedication to transparency and accountability in handling personal data.

 

Place

The Data is processed at the Controller and processor´s operating offices and in any other places where the parties involved in the processing are located. The data processing location is either stated in the data processor section and the Mercell subsidiary location: 

 

  • Norway
  • Denmark
  • Belgium 
  • Sweden
  • Finland
  • Netherlands
  • Ireland
  • Luxembourg
  • USA
  • Lithuania
  • Germany 
  • Estonia
  • Latvia
  • Malta

We strive not to transfer your data to any location outside EEA; however, depending on specific processing activities within the functionalities of our processors, we  involve transferring the User's Data outside the EU/EEA. The processors that transfer such data are mentioned in the processor section under place of processing, which states the countries where the data is processed.  When such a transfer takes place, our processors use the respective mechanism provided in Chapter V of the GDPR to ensure compliance with the EU/EEA privacy framework. More details can be requested from Mercell.

Users are also entitled to learn about the legal basis of Data transfers to a country outside the EU, EEA, or to any international organization governed by public international law or set up by two or more countries and about the security measures taken by Mercell to safeguard their Data. Users can contact Mercell for more information on the matter

 

Responsibility for Unstructured Data

In some cases Mercell allow the customer to upload information in free fields including attachment the data subject t is fully responsible for the unstructured data uploaded into Mercell's systems. This includes ensuring the accuracy, legality, and appropriateness of the data. Mercell does not assume responsibility for the content of this data.

To effectively manage unstructured data, Mercell has implemented a process for identification and response. When unstructured data is detected, the relevant teams will collaborate with customers to delete te files upon request, ensuring compliance with data protection regulations and maintaining data integrity within the system.

Security of the processing 

Mercell strives for keeping up with the current state of it's security, incorporating industry recognised security practices to protect the confidentiality, integrity and availability of data. The focus lies on preserving data confidentiality, integrity, and availability, with the following primary elements:

 

 1. Access Control and User Authentication

- Only authorized personnel have access to sensitive information, with access restrictions based on role and responsibility.

- We employ multi-factor authentication (MFA) and periodic access reviews, reducing the risk of unauthorized access.

 

 2. Data Encryption and Secure Storage

- Personal data is encrypted both at rest and in transit to safeguard it against interception and unauthorized retrieval.

- We use advanced encryption standards (AES-256) and secure HTTPS protocols for data exchanges.

- Stored data is managed within controlled environments, employing physical and network-level security barriers to mitigate the risks of unauthorized data exposure.

 

 3. Data Minimization and Retention Policies

- We follow strict data minimization principles, processing only the necessary data for specific purposes and deleting any data no longer required.

- Data retention policies ensure personal data is not stored beyond its required use, and regular audits confirm compliance with these retention schedules.

 

 4. Comprehensive Risk Management Framework

- In line with industry standards, we conduct regular risk assessments to identify, evaluate, and mitigate potential security vulnerabilities.

- A risk treatment plan is created for any identified threats, implementing specific controls to reduce risks to an acceptable level.

 

 5. Incident Management and Response Protocols

- We have established a well-defined incident management process, including protocols to detect, assess, and respond to security incidents and potential data breaches.

- Incident response teams conduct simulations and drills to prepare for potential threats, ensuring readiness for quick containment, mitigation, and recovery efforts in the event of a breach.

 

 6. Data Backup and Disaster Recovery

- To ensure data resilience and availability, we conduct regular, secure backups and have a disaster recovery plan that allows for quick restoration of operations.

- Backups are also encrypted and stored securely to protect against potential data corruption or accidental loss.

 

 7. Employee Training and Awareness

- All employees receive ongoing training on data protection principles and best practices, emphasizing the importance of safeguarding personal data and recognizing security threats.

 - Regular refresher courses, combined with simulated phishing tests and awareness campaigns, strengthen the culture of security and compliance across the organization.

 

 8. Continuous Auditing and Monitoring

- An internal audit process, adhering to industry standard requirements, evaluates the effectiveness of implemented controls, policies, and compliance levels.

- We utilize real-time monitoring tools to detect anomalies or unauthorized activities within our systems, which are promptly reviewed by the security team.

 

 9. Supplier and Third-Party Risk Management

- Third-party partners who may access or process personal data undergo rigorous security and compliance assessments.

- Contracts with third-party providers include clauses ensuring adherence to industry standard  security controls, with regular reviews of these parties to confirm compliance.

 

 10. Documented Policy Framework

- All security measures, including incident response, access control, and data handling policies, are well-documented and reviewed regularly to align with industry standards  requirements.

- Policies are accessible to all employees and subject to review and improvement based on evolving security standards and audit findings.

 

By implementing these robust security measures, we aim to uphold a high standard of data protection, continuously improving our processes and controls to meet the rigorous demands of industry standards  and maintain the trust of our clients and stakeholders.

 

Retention time

 

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

Therefore:

  • Personal Data collected for purposes related to the performance of a contract between Mercell., and the User shall be retained until such contract has been fully performed or the data user unsubscribes to the service.

  • Personal Data collected for the purposes of Mercell legitimate interests shall be retained as long as needed to fulfill such purposes. Users may be informed if such data storage takes place and regarding the legitimate interests pursued by Mercell within the relevant sections of this document or by contacting Mercell 

  • Mercell may be allowed to retain Personal Data for the period whenever the User has given consent to retain the data for a certain period of time when consenting to data processing,  the data user can prolong the iteration time by renewing the consent and as long as such consent is not withdrawn before the end of the service. 

  • Mercell may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority. In such cases, only if allowed by law shall this be notified to the data subject 

  • Once the retention period expires, Personal Data will be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

 

More information regarding the retention time can be requested to Mercell by contacting customer service.

 

The purpose of processing

 

The Data concerning the User is collected to allow Mercell to provide its Service, comply with its legal obligations, respond to enforcement requests, and protect its rights and interests: as well as the following: Contacting the User, managing contacts, and sending messages.

For specific information about the Personal Data used for each purpose, refer to the type of processing section.

The Rights of Users

 

Users may exercise certain rights regarding their Data processed by Mercell 

In particular, Users have the right to do the following:

 

  • Withdraw their consent at any time. Users have the right to withdraw consent to the processing of their Personal Data.

  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.

  • Access their Data. Users have the right to learn and obtain disclosure regarding certain aspects of the processing and request a copy of the Data undergoing processing.

  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.

  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, Mercell will not process its Data for any purpose other than storing it.

  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to request and obtain the erasement of their Data from Mercell processing and service.

  • Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, on a contract of which the User is part, or on pre-contractual obligations thereof.

  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details About the Right to Object to Processing

 

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in Mercell, or for the purposes of the legitimate interests pursued by Mercell, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

How to Exercise These Rights:

 

Any requests to exercise User rights can be directed to Mercell through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by Mercell as early as possible and always within one month. Any request can be directed submit in a  support ticket through our service portal  here  or to send to the customer success manager or dpopost@mercell.com 

Additional Information About Data Processing

 

In addition to what is stated above, the user shall be aware of the following aspects regarding data processing and this privacy policy. 

Processing related to legal or court requirements 

The User's Personal Data may be used for legal purposes by Mercell in Court or in the stages leading to possible legal action arising from improper use of this Website or the related Services.

 

The User declares to be aware that Mercell may be required to reveal personal data upon request of public authorities.

Additional Information about User's Personal Data

 

In addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.

Privacy notice for portal subscription and use of the platform

 

This Privacy Notice provides you further information related  to how and why  Mercell (name of the group) (hereinafter referred to as "Mercell," "We," or "we").  collects and processes your personal data when you use the Mercell platform.

The Privacy Notice is addressed to customers of Mercell and other private individuals using Mercell services.   Customers of Mercell are or may be any legal person who hired or intends to hire Mercell services, including any legal person who acts on behalf of the customer.

For us, it is important that your personal data and personal integrity are protected and dealt with in accordance with the applicable legal framework, and therefore we ensure that the information we have about you is processed in a lawful and transparent manner in accordance with the data protection regulations. 

We referred to  Personal data as any information that alone or by a combination with other information could be used to identify is about or can be related to an identified or identifiable natural person. 

At Mercell, we ensure that your personal data is processed in accordance with the applicable data protection regulations at all times.

We are regarded as data controllers for the processing of personal data described in this Privacy Notice. You will find contact details below. 

CONTENT OF THE  PERSONAL DATA TO PROCESS WHO DO WE PROCESS PERSONAL DATA ABOUT?

This Privacy Notice addresses Mercell's processing of personal data about the following categories of personal data: 

  • Contact data of any person persons and employees of customers who use the Mercell portals;

  • Contact data of people and other private individuals stated in public tender documents;

  • Other personal private individuals who use the services offered by Mercell.

PURPOSE, CATEGORIES OF PERSONAL DATA, AND LEGAL BASIS

Below is a description of the purposes for which we process personal data, and what categories of personal data we process, as well as the legal basis for the processing.

I. Processing of personal data in connection with registration in the Mercell portals

In connection with the registration and administration of your user in the Mercell portals, we process the following personal data about you:

  • Name;

  • Position in the company;

  • Email address;

  • User name;

  • Telephone number;

  • Language preferences;

  • LinkedIn profile ( not required );

  • Photo ( not required );

  •  Mailing address;

  • Identification number (Only in case the ID matches the organizational ID in certain countries );

  • Date of birth( not required );

  • Fax number; ( not required );

  • Job title, role ( not required ); 

  • Time zone; 

  • Employee number( not required );

  • Nationality( not required );

  • System preferences;

  • Contact language;

  • Data related to customership and contractual relationships such as order and purchase data in different channels or ordered services.

 

Personal data that is registered when you create a user profile will mainly be used to complete the purchase or provide a service based on what was registered or collected. For example, we will use your email address to provide the tender notification service that your employer has signed up for. Furthermore, your name may be published in the Mercell portals as a contact person for your employer in connection with an announced tendering process.

In addition, personal data can be used to document the use of the Mercell portals since all activities are logged for IT security reasons. When a user logs into the portals, a unique ID is created. This ensures that the user does not have to enter a username and password multiple times during a given period of time. The ID also ensures the aforementioned logging of activities. Information created as a result of the use of the portals, including IP addresses, is stored on a central server belonging to Mercell. This information is only used for support purposes and is never provided to third parties.

For all processing described under this section, our legal basis for this processing activity will be either Article 6 (1) Letter B of the GDPR (Necessary for the performance of contracts) or Letter F (legitimate interest), such as when the processing of personal data is necessary to prevent fraud. For all “not required” fields, the legal basis is Article 6 (1) A (Consent)

II. Processing of personal data when you sign up for courses, webinars, or seminars.

If you sign up for courses or similar events via Mercell, we will process general contact information about you (name, employer,  and email). We process this personal data in order to offer you the course. Our legal basis for this processing activity is Article 6 (1) letter b ( Necessary for the performance of a contract) of the GDPR.

Furthermore, we may share personal data about you with third parties when we use external course providers so that they can prepare the course content based on the participants. We only disclose the information relevant to the fulfillment of such this purpose. The legal basis for this processing activity is article 6 (1) letter b (agreement) and Article 6 (1) letter f (GDPR) (legitimate interest).

III. Processing of personal data in connection with the collection of tender documents from public databases

As part of the services Mercell provides, public tender documentation will be obtained from public databases such as Doffin and TED. In this connection, Mercell will be able to process contact information (name, email, employer, position) of employees of actors in tender processes, as well as other personal data that may be stated in these tender documents.

This personal data will only be used to disclose tenders in the Mercell portals so that the buyer and supplier can get in touch with each other. This is a type of processing Mercell has a legitimate interest in performing, as this is an information service that contributes to the fact that already publicly announced tenders reach a larger circle of suppliers. The legal basis for processing this type of personal data follows from article 6 (1) letter f of the GDPR (legitimate interest).

IV. Processing of personal data in connection with direct communication with you

Mercell strives for our customers to get updated and good information about various updates and other conditions we believe are relevant for our customers to enjoy the services we offer. From time to time, we will, therefore send out newsletters and other relevant information to people who have registered a user profile in the Mercell portals.

If we send you inquiries that contain marketing for our services, we will ask for your consent first. The consent will be managed via a link in the email sent to you and will also be available on Mercell´s website. In some cases, consent can be collected through the Mercell portals. Our basis for processing this type of inquiry will be article 6 (1) letter a (consent) of the GDPR and § 15 (1) of the Norwegian Marketing Act, or similar regulation in local Marketing regulation.

In other cases, we will send you newsletters and other inquiries containing information only and not marketing, typically information about the product you use with us, the tender notification service, tender news, an invitation to seminars/webinars or similar. The legal basis for processing such inquiries is article 6 (1) letter f of the GDPR (legitimate interest). 

 

 V. Processing of Personal Data for Security Purposes

 

At Mercell, we prioritize the security of our platform and the protection of our users' information. As part of our commitment to providing a secure environment, we may process personal data for security purposes, including the collection of IP addresses, device information, user behavior, and logs on system, and access attempts. 

In the event of suspicious activities or security-related incidents, we may communicate directly with you to address concerns, provide updates, or seek additional information. This communication ensures that we can maintain the integrity and security of our platform and promptly address any potential risks.

The legal basis for processing personal data for security purposes is Article 6(1)(f) of the GDPR, as it is based on our legitimate interest in maintaining a secure and trustworthy environment for our users. We believe that processing data for security purposes is essential to safeguard the confidentiality, integrity, and availability of the information shared on our platform.

 

VI  Processing of Personal Data for Support Tickets

At Mercell, we are dedicated to providing exceptional support to our users. When you submit a support ticket, we collect and process personal data to address your inquiries, resolve issues, and ensure the optimal functioning of our services.

The information gathered through support tickets may include details such as your name, contact information, and specific details related to the support issue. This data is used solely for the purpose of providing assistance and resolving the reported problems.

Our legal basis for processing personal data in support tickets is Article 6(1)(b) of the GDPR, as it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

 

VII.Customer surveys

Mercell processes personal data in connection with customer satisfaction surveys. It is necessary for Mercell to conduct such surveys in order to obtain feedback on our products and services so that they can be constantly developed and improved. By participating in the survey, you agree that we may process your data. Participation is voluntary. Mercell has a legitimate interest in processing your contact information for this purpose. 

VIII Product development and analysis

 

Mercell may collect information about you as a user for analysis of how you, as a customer, use Mercell's services on digital surfaces. This information is used to develop and prepare the functionality of existing products and services. We use Amplitude and Hubspot for traffic analysis on our website. See more about cookies below.

 

IX Responsibility for Unstructured Data

The customer, as the Data Controller, or the user as data subject is fully responsible for the unstructured data uploaded into Mercell's systems. This includes ensuring the accuracy, legality, and appropriateness of the data. Mercell does not assume responsibility for the content of this data.

 

To effectively manage unstructured data, Mercell has implemented a process for identification and response. When unstructured data is detected, the relevant teams will collaborate with customers to assess the situation, ensuring compliance with data protection regulations and maintaining data integrity within the system. 

MERCELL AS DATA PROCESSOR

For several processing activities, Mercell will act as a data processor instead of a controller. This will mainly apply where buyers or suppliers upload documents containing personal data in the Mercell portals. In such cases, the purchaser or supplier uploading the relevant document will be responsible for the processing of the personal data contained in the document, and this party is thus responsible for ensuring that the processing takes place in accordance with the GDPR.

When the supplier sends information to the buyer, the buyer assumes the role of the data controller. Any document or information from the supplier who access to the tender, including, access log to the tenders including IP address, Names, username, Email address of the user who access the tender publication, communications to the contract signed, will be controlled by the buy side user. Mercell will follow up on the instructions of the data controller. Any type of request from the supply side related to the document or the interaction between the supply and buy-side user has to be addressed directly to the controller (Buy-side). This includes contract management between the user, documentation, messages, and communication, audit logs regarding accessing and/or downloading tender publication. Among others. 

Mercell enters into data processing agreements with all buyers and suppliers for whom we process personal data. 

WHO DO WE SHARE INFORMATION ABOUT YOU WITH?

Your personal data is treated confidentially with us, and only those with the necessary service needs with us will have access to your personal data. As a general rule, we will, therefore, not share your personal data with anyone outside of Mercell.

In some cases, we may need to share your personal data with others. The people we share your information with are established on the section relevant parties

 

Our IT service providers may access personal data if personal data is stored with the supplier, or the supplier otherwise gains access to personal data about you in accordance with the contract with us. This applies, for example, to our customer relationship management systems provider (Hubspot) or support service providers. Please note that some service providers could be located outside the EU/EEA. If personal data is transferred to countries outside the EU/EEA, Mercell will take appropriate measures and conduct the appropriate assessment to protect your security and to ensure that the transfer takes place with a sufficient degree of protection.  Please refer to the section relevant parties for more information.

Other companies within the Mercell Group may access personal data about you in connection with our provision of services to you. The companies are located within EU/EEA in the following countries: Norway, Sweden, Denmark, Netherlands, Finland, Estonia, Lithuania, Latvia. 

Processors and Subprocessors: Depending on the role of Mercell, the list of companies we might use to process data can vary. When acting as a Processor, the subprocessor list can be found in the DPA between Mercell and the customer. When acting as a Controler, the list of processors can be found in the previous section of the privacy policy or in the cookie policy, respectively.

HOW DOES A USER ACCESS HIS/HER PERSONAL DATA, AND HOW CAN THIS INFORMATION BE RECTIFIED?

Each user is responsible for ensuring that the information registered is valid and correct, including that only use information that is relevant to the use of the portals is registered on behalf of the company to which the user belongs. The user will be suspended or permanently blocked from the portals if false information is entered upon registration, e.g., false name or inappropriate contact information. 

Users who are logged on to the Mercell portals can control and update their own user profile. In the same part of the portals, it is possible to add and delete information that is not mandatory, including subscribing/unsubscribing for newsletters from Mercell. All user profiles that contain invalid information will be deleted without prior notice. If a user has forgotten their password, a request can be sent to create a new password by email.

If the user requires insight into registered data linked to the user's own personal data, this is logged in Mercell's portals. The user can contact Mercell at any time for information about logged information or other matters relating to personal data. Please see the contact information at the end of this document.

HOW LONG IS PERSONAL DATA STORED, AND HOW CAN A USER DELETE THEIR DATA?

The information is stored during the period that complies with the law, and Mercell will delete the information when it is no longer needed. The storage period depends on the type of information and why it should be stored:

• User profiles that are registered in connection with the purchase of Mercell licenses are deleted when they have been inactive for a period of 12 months after the license expiry date.

• User profiles that are registered in connection with the use of the Mercell portals without the purchase of licenses are deleted when they have been inactive for 12 months.

In public tendering processes, we are, in certain cases, required by law to preserve published information. Therefore, any user information included as part of such published information cannot be deleted unless Mercell receives a claim for this from the user/organization responsible for the data. This deletion must also be done in accordance with applicable law.

Users who have doubts about what information can be deleted, including information about when and where can contact Mercell. Please see the contact information at the end of this document.

YOUR RIGHTS

According to the GDPR, data subjects have several rights related to the processing of your personal data. Here you will find information about how you can exercise these rights towards Mercell in connection with the processing of your personal data. 

If you request us to exercise one or more of these rights, we will comply with your request within one month of its submission. The request can be directed to dpo@mercell.com and will strive to be answered in 20 business days. 

 

  • Access: you can send us a request for access to our processing of your personal data. 

  • Correction: if you believe that the information we have stored about you is incorrect (e.g., email address or office), you can at any time request that we correct this. 

  • Protest: if you do not want us to process your personal data, you can object to the processing.

  • Withdraw your consent: You may withdraw your consent at any time that we may store and process your personal data where such consent has been given. If you would like to withdraw your consent, please use the contact details below in this Privacy Notice. 

  • Erasure: if you object to the processing of your personal data or you withdraw your consent, information that we have stored about you will be deleted on the condition that we have no other legal basis for retaining it. If you want your personal data deleted under other circumstances, you can easily direct an inquiry to us about this.

  • Data portability: you have the right to demand data portability for information about yourself that you have provided to Mercell, and which has a legal basis for processing in consent or agreement. If you wish to exercise your right to portability, the relevant information about you will be sent to you or a third party that you designate if this is technically possible.

  • Right to restrict the processing: if you want us to restrict the processing of your personal data, you can request this.

  • Right to complain to a supervisory authority: if you believe that our processing of your personal data should be in violation of the GDPR, or other data protection regulations, you have the right to complain about this to the Norwegian Data Protection Authority. Complaints can be submitted on their website; 

Information not Contained in this Policy.


More details concerning the collection or processing of Personal Data can be requested from Mercell at any time. Please use the contact details provided in this document for such a request.

Changes to this privacy policy

 

Mercell reserves the right to make changes to this privacy policy at any time by notifying its Users on this webpage and possibly within this Website and/or by sending a notice to Users via any contact information available to Mercell. It is advisable and requested for users to frequently check this page, referring to the date of the last modification listed at the bottom.  In case the changes affect the processing activities performed on the basis of the User’s consent, Mercell shall collect new consent from the User, where required.

 

CUSTOMER SERVICE AND CONTACT WITH MERCELL

We are always happy to help you if you have any questions or concerns regarding your privacy. If you have any questions about the processing of your personal data, please use the contact details below. 

Our office is open 9am-4pm (CET), Monday to Friday. Office hours may differ on public holidays. 

Sales and general questions:  post@mercell.com

Data Privacy Request:  dpo@mercell.com

 

Complaints and Assistance

 

For any complaints or requests for assistance, please submit a support ticket through our service portal  here  Alternatively, you can send your complaint or request directly to us via email at post@mercell.com We are committed to addressing your concerns promptly and effectively.