1. Scope of This Privacy Notice
Merkle is a global provider of digital advertising media and data management technology. In the European Economic Area (EEA) and Switzerland the Merkle legal entity responsible for the data that Merkle collects is Merkle UK One Ltd, registered office 10 Triton Street, Regents Place, London, United Kingdom, NW1 3BF and company registration number 04238272. Outside the EEA and Switzerland, the responsible legal entity is Merkle Inc.
This notice outlines how and why Merkle (“Merkle”, “our”, “us”, and “we”) collects and uses personal data specifically from visits to the (https://www.merkleinc.com/emea) website and those of our various brands, our contact with members of the public and with those acting in a professional capacity (such as when enquiring about, researching, reporting on, assessing or engaging in business discussions).
What this Privacy Notice Doesn’t Cover:
Merkle UK One Ltd is a controller for our EEA and Switzerland focused DataSource product. The product covers most of the adult UK population and is built by combining data supplied to Merkle by other companies that collect data from you. DataSource may be extended to cover other countries over time.
This privacy notice does not cover the activities Merkle undertakes on behalf of its clients - in which it acts as a data processor. Should you wish to enquire about the data processing we undertake for any of our clients, or wish to assert your data protection rights regarding that processing, please contact the relevant client directly.
This privacy notice does not cover any data processing carried out by Merkle in connection with employment by, or the supply of contracted services to, Merkle or its subsidiaries. Please contact your local Human Resources Office or the Data Protection Office (if no longer in employment with Merkle) for assistance in these matters.
This privacy notice does not cover any website operated by a third party which Merkle may link to from this website. Please review the privacy notices and cookie policies associated with those websites for details of how they may process your data.
2. About Merkle and our Privacy Philosophy
Merkle is committed to ensuring that the information we use and process is secure while in our care and will be used responsibly. Like our clients, we recognise that the privacy of consumers is paramount in our business, so we continuously seek ways to protect and ensure appropriate use of information related to consumers while promoting policies within the industry that do the same.
To learn more about our Privacy Philosophy please see https://www.merkleinc.com/emea/getting-know-your-privacy-rights/privacy-philosophy.
3. Contacting the Merkle Data Protection Officer
You can contact the Merkle Data Protection Officer by post at:
Data Protection Officer
10 Triton Street
Or by email at: [email protected]
Or by telephone at: (+44) (0) 330 060 6065
If you have a specific query about exercising your rights under the GDPR, you can find more information in the Your Rights Over Your Personal Information section below.
4. What Information do we Collect?
- Your IP address
- Details of your operating system and browser
- The page that referred you to our site
- The pages you visit within our site
- How you navigate around, click on and otherwise interact with our website pages
- Use of search boxes
- Videos you may watch
- The ID and data within any cookies you have agreed to us placing
- We may infer a company name associated with your IP address
- We may infer a location associated with your IP address
- The date and time of your actions
If you do not allow cookies to be placed then the website will not be able to recognise you on future visits and will therefore be less able to tailor content, including advertising, that will likely to be of interest to you.
When you register your information with us, such as your name and email address, in order to receive marketing literature, white papers, and newsletters from Merkle or Merkle’s partners then we will use that information for that purpose.
When you fill in forms or enquire about our services either online, on the telephone, at events, when visiting our facilities or when completing customer surveys:
- Your name, job title and role
- Contact information including address, email address and telephone number
- Your communication and marketing preferences
- Your attendance at events, either online or offline
- Details of the organisation you represent
- Any interests you express in our services
- Other information you volunteer relevant to your enquiry
- Other information volunteered by you in response to a survey
- The date and time of your actions
Should you choose not to provide elements of the information listed in this section then Merkle may only have a partial understanding of your interest in or needs of Merkle and its services and be unable to process requests or fulfil any marketing you may have consented to in the most relevant manner.
- Our contact history with you
- Your interactions with emails or other electronic messages we send you. For example, when you open or click on an email
- Your responses or replies to any marketing we send you
- The date and time of your actions
- Your name
- Contact information such as address, email address and telephone numbers
- Identify verification information such as copies of utilities bills, passports or driving licenses
- Whether you have ever been an employee of or contractor or supplier to Merkle
- Further details relating to the right you are wishing to assert
- The date and time of your request and its management
For further information on your rights under the General Data Protection Regulation and the UK Data Protection Act 2018 please see the “Your Rights” section below.
5. How We Use Your Information
In order to run our business in an effective and relevant manner we collect certain information about individuals and the way they interact with our website. We will also use personal information given to us by individuals who communicate with us or request marketing or sales information, for example, through the website, by telephone and at events.
How We Use Your Data:
Transfer or access during system maintenance
From time to time your data may be accessed by our support and maintenance staff, possibly outside of the EU, to support and maintain our systems and services to you and our clients
Learn More About Lawful Bases for Processing Under the GDPR
- A controller must have a valid lawful basis to process personal data. Without one the processing they are undertaking would be illegal.
- There are six available lawful bases for processing. No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual.
- Most lawful bases require that processing is ‘necessary’. If a controller can reasonably achieve the same purpose without the processing, they won’t have a lawful basis.
- A controller must determine and document the lawful basis before they begin processing – which is why we have listed them above.
You can learn more about lawful bases for processing here.
You can opt out of remarketing operated by many advertising businesses, and made use of by Merkle from time to time, by visiting http://www.youronlinechoices.com/ and http://www.aboutads.info/choices/.
You can opt out of Google Analytics for Display Advertising and customize Google Display Network ads using Google's Ad Settings page.
You can opt out of Google Analytics using this browser add-on
For more advice on your cookie control options please see the cookie specific information below.
For more information on exercising your rights over your personal information see the section below.
Merkle does not use automated decision making or profiling which produce legal effects or significantly affect you in any of the processing detailed above.
You can object to and opt out of our profiling (see Your Rights Over Your Information below).
6. How Long Do We Keep Your Personal Information?
Merkle keeps personal information only for as long as we need it for our legitimate business purposes or to provide you with the services you have requested.
We may also be obliged to retain your information for legal reasons such as when asserting our rights or assisting you with the exercise of your rights.
7. Who Your Personal Information May Be Shared With
We will not disclose your personal information to any other party other than in accordance with this Privacy Notice, related privacy notices, or in the circumstances detailed below:
We may share your information with organisations involved with the provision, management or otherwise direct engagement of events, webinars or other such Merkle hosted functions which you have registered for or have expressed an interest in.
If we sell any or all of our business we may disclose your information to the buyer.
Various public bodies, authorities and courts can require us to disclose personal data to them. Where we are legally required by common or statute law to disclose your personal information we will do so.
The UK ICO’s guidance on legal obligations to disclose data is available here.
8. Where and When We Send Personal Information Abroad
Merkle sometimes transfers personal information outside of the UK or the EEA, to its affiliates in the USA and China (and occasionally to other countries), for the purposes listed above. We may also transfer personal information to countries from where our partners, service providers or clients are located.
When we make any of these transfers, we take appropriate steps to ensure EU data protection law is complied with. These steps might include, for example, transferring the information to someone in a country which the European Commission has approved as providing adequate protection for personal information, or to someone who has signed standard contractual clauses approved by the European Commission. Merkle's intra-group agreement includes these standard contractual clauses, to cover transfers to our non-European affiliates.
9. Your Rights Over Your Personal Information
We realise that you may not want us to use your information. Our business depends on consumer information and trust, so we are very clear that you have choice and control: you decide what information about you, if any, you are willing for us to keep and use, and for what purposes. For example, you may be happy for us to use your information for marketing but not for profiling, or you might be willing for us to perform profiling but you don't want any of our clients to use your information for their marketing or advertising.
You have rights (with some exceptions and restrictions) to:
- Object to receiving marketing and any associated profiling
- Access your personal information, i.e. find out exactly what information we hold about you
- Request personal information you have provided to us in a format which you or another organisation can use
- Request restriction of processing of your personal information, in some situations (so that we will keep it, but can't do anything with it while an issue is resolved)
- Request correction or updating of any of your personal information that is inaccurate
- Request erasure of your personal information
- Object to processing of your personal information that we undertake using the legitimate interest lawful basis
- Complain to your local data protection authority about our collection or use of your personal information. A listing of European National Data Protection Authorities is available here.
Exercising Your Data Protection Rights with Merkle
If you want to exercise any of your rights in connection to data processed under this privacy notice you can contact [email protected] or the Data Protection Officer at the contact details above.
All requests must be accompanied by
- Full name (and any prior names that you may have used in the relevant period)
- Home address and relevant previous addresses
- Email addresses
- If you are a current or previous employee of Merkle
- Whether you prefer us to communicate by mail or email in response to your request.
- Proof of identity – either scans by email or photocopies by post. Please do not send originals.
- A current driving licence photocard, identity card, passport etc.
- Proof of your address (such as, bank or building society statement, council tax statement etc.) dated within the past 3 months
We require proof of your identity to protect your privacy and ensure that we are responding to your request in line with your actual instructions.
Please note that once we have verified your identity and address, we will destroy the document copies you have sent us.
Erase some, or all of, your information
What we need:
If you only want partial information deleted, which parts
What you can expect:
Confirmation email/letter stating whether we have upheld your objection (as there may be a legal requirement to, or an overriding interest in, retaining the data) and actioned your request
How long we aim for it to take (once we have verified your identity)?
Max 7 days
Opting Out of Direct Mail and Telemarketing.
Responsible marketing companies respect your choice to not receive direct mail advertising or telemarketing.
Merkle uses the various direct mail and telephone suppression services available in the territories its clients operate in. These lists will reduce the volume of marketing you receive from companies with which you do not have an existing relationship (but not from companies that you have given permission to contact you).
Merkle uses Direct Marketing Association (DMA) resources to suppress the names and addresses of individuals who have notified the DMA that they do not want to receive advertising by mail.
Please contact your local marketing suppression services provider to be added to their listings. If you are elsewhere in the EU, your local Data Protection Authority will be able to help you contact suppression services operating in your country.
10. How We Keep Your Personal Information Safe
Merkle's safeguards include robust systems and processes designed to ensure that we collect only the minimum necessary personal information, and that only Merkle staff who need to view your personal information can see it. We carry out checks to make sure we adhere to restrictions on our use of the information (such as where you have not agreed to receive marketing).
We have implemented policies, processes and systems to ensure your information is secure, including encryption of your information in storage and while being sent, whether to us or by us. The Merkle Global Information Security Program is based on the ISO27001/2:2013 standards, the ISC2 CISSP Ten Domains, SANS, and industry and internal Merkle best practices. We periodically monitor and improve standards and regularly test our security measures. We also maintain an incident response plan for dealing with any incident or breach whereby your information may be put at risk or compromised, including measures for logging and audit trails, incident detection and security incident information gathering and reporting.
Merkle also requires its service providers to implement appropriate security measures to safeguard your information and to notify us of any incidents affecting your information.
A cookie is a small file which may be downloaded to and stored on your computer, phone, tablet or other device when you visit a website. More general information about cookies is available here.
Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by being able to remember your choices and preferences.
We use traffic log cookies to identify which pages on our websites are being visited. This helps us analyse data about web page traffic and improve our website’s reliability and to tailor it to customer needs.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you on your computer, other than the data you choose to share with us.
Site specific cookie information and help in understanding, making choices about and managing cookies can be found within our cookie notice.
12. Updates to the Privacy Notice
This policy is effective from November 20, 2018.