Privacy Policy

Welcome to Merge and our website at app.usemerge.com. This Privacy Policy explains what information we collect when you use our website and services, and how it is used.

 

The Basics

Who is responsible for data processing?

The responsible party within the meaning of Germany’s Federal Data Protection Act (Bundesdatenschutzgesetz) (“BDSG”) and the EU’s General Data Protection Regulation (“GDPR”) is Michel Ibele & Raphael Ibele GbR of Marderweg 1, Vogt 88267, Germany  (“Merge”, “we”, “us”, or “our”). 

If you have any questions about this policy or our data protection practices, please contact us using raphael@usemerge.com, call +49(0)15206317487 or write to us at the above address.

What law applies?

Our use of your Personal Data is subject to the BDSG and the GDPR and of course we process your Personal Data accordingly. 

What is Personal Data?

Personal Data is any information about personal or factual circumstances that relate to a person. This may include name, date of birth, email address, postal address or telephone number, but also online identifiers such as IP addresses or device IDs. 

What is processing?

“Processing” is any operation or set of operations that is performed on Personal Data, whether or not it is done automatically. The term is broad and covers virtually any handling of data.

What are the legal bases for processing?

According to BDSG and the GDPR, we should have at least one of the following legal bases to process your Personal Data:

• To fulfill contractual obligations

(The purposes of the data processing are primarily based on the service we provide).

• In connection with our legitimate interests.

(Where necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties. Examples include:

• Ensuring IT security and IT operations, 

• Corporate governance measures and further development of our services, 

• defense against claims by third parties and 
• Enforcement of our own claims).
• Based on your consent

(If you have given us your consent to process Personal Data for specific purposes).

• To comply with legal obligations.

(Processing to comply with our legal obligations.)

Am I obliged to provide data? 

In the context of our business relationship, you are only obliged to provide Personal Data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we usually have to refuse to conclude a contract or can no longer fulfill an existing contract and may have to terminate it.

Special category data

We do neither intend nor seek to process special category data.

Automated Decision Making

Automated decision making is the process of making a decision by automated means without human involvement. Automated decision making does not occur.

DO NOT SELL

We do not sell your personal data.

 

Data that we collect automatically

Log data

Each time you visit our website, our system automatically collects the following data from the visiting device and stores it in a so-called log file: i) name of the file accessed, ii) date and time of the visit, iii) amount of data transferred, iv) notification of successful retrieval, type of browser and version used, v) IP address (identification of the user’s device), vi) operating system of the visiting device, vii) Internet service provider of the visiting device, viii) website from which you access our website, and (ix) which pages of our website you access. The legal basis for this processing is our legitimate interest.

Hosting 

The hosting service used by us for the purpose of operating our website is Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). In doing so Hetzner processes: i) inventory data, ii) contact data, iii) content data, iv) usage data, v) meta data, and vi) communication data of customers, interested parties and visitors of our website and services. The legal basis for this processing is our legitimate interest.

Firebase

We use Firebase Firestore (storages in Europe) of the Google Firebase developer App provided by Google LLC (Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, US, and Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland). By integrating Google services, Google may collect and process information (including personal data). It cannot be excluded that Google also transfers the information to a server in a third country. We cannot influence which data Google collects and processes. Firebase’s key security and privacy information can be found here: https://firebase.google.com/support/privacy 

Cookies

We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. As set out in the German Data Protection and Privacy in Telecommunications and Telemedia Act (“TTDSG”) and the EU`s Privacy and Electronic Communications Directive (“PECD”), we need to obtain consent for the use of Non-essential Cookies. For further information on the cookies we use, please refer to our Cookie Policy. The legal basis for processing is our legitimate interest and your consent.

Cookie consent 

 

Our website uses a cookie consent tool “Cookiebot” from Usercentrics (Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark) to obtain your consent to the storage of cookies and to document this consent. When you enter our website, the following Personal Data is transferred to us: i) Your consent(s) or revocation of your consent(s), ii) Your IP address, iii) Information about your browser, iv) Information about your device, v) Time of your visit to our website. The basis for processing is our legitimate interest and your consent.

Content Management System

We use the Content Management System (CMS) of WordPress by Automattic Inc (60 29th Street Suite 343 San Francisco, CA 94107 US), to publish and maintain the created and edited content and texts on our website. This means that all content and texts submitted to our website is transferred to WordPress. The legal basis for this processing is our legitimate interest.

Google Tag Manager 

We use Google Tag Manager, which allows website tags to be managed via an interface. The Google Tag Manager only implements tags. No cookies are set, and no Personal Data is collected. Google Tag Manager triggers other tags that may collect data but does not itself access this data. The legal basis for using Google Tag Manager is our legitimate interest.

Font Awesome 

We integrate Font Awesome of Fonticons Inc, 307 S Main St Ste 202 Bentonville, AR, 72712-9214 United States, whereby the user’s data is used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on our legitimate interest.

Links to other websites

Please note that if you use a link from our website to a third-party website, that third-party may also set new cookies that are not covered by this policy. In such cases, we recommend that you read the cookie policy on the third-party website itself.

 

Data we collect directly

Contact 

The processing of Personal Data depends on the nature of your contact. In addition to your name and email address, IP address or phone number, we usually collect the context of your message, which may also contain certain Personal Data. The Personal Data collected when you contact us is used to process your request, and the legal basis is your consent.

Contract Data

We process the Personal Data that arises when you use our services in order to provide our contractual services those include your Full Name, Title, Email address, Billing details, Company and Practice Details. In particular, this includes our support, correspondence with you, invoicing, fulfillment of our contractual, accounting and tax obligations. Accordingly, the data is processed on the basis of the fulfillment of our contractual obligations and our legal obligations.

Payment Data

If you make a purchase your payment will be processed via our payment service provider Paddle.com Market Ltd (Paddle Payments Limited of Limerick House, Limerick Lane, Newbridge, Kildare, Ireland) Payment data will solely be processed through Paddle and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the contract.

Administration, financial accounting, office organization, contact management.

We process data in the context of administrative tasks and the organization of our business and compliance with legal obligations, such as archiving. In this context, we process the same data that we process in the provision of our contractual services. The processing bases are our legal obligations and our legitimate interest. 

Customer support

For optimal customer support, we may store the data related to our customers in our customer relationship management system Encharge provided by Encharge Ltd (str. Cherkovna 57, office 19, Sofia, Bulgaria, 1505). This data processing is based on our legitimate interest in providing our customer service.

When you use our services

We also process the data we obtain on your behalf, if you are a user of our Merge links services. The type of data processed depends on how you use our services and some of the Personal Data you provide may relate to your end users. In accordance with the BDSG and the GDPR, we process this Personal Data as a data intermediary and in accordance with your instructions and use it only for the purposes agreed between you and us.

Further, please be advised that:

• some jurisdictions may require you to disclose your use of our services as your processor in your privacy policy and/or data processing agreement as applicable.
• if you are providing us with Personal Data relating to a third party, you agree a) that you have in place all necessary appropriate consents and b) that such third party has read this Privacy Policy. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.

We ensure that access by our staff members to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our staff members and enforce privacy and protection safeguards strictly.

The legal basis for the processing of Personal Data is the establishment and implementation of your contract for the use of our services.

Marketing 

If you have given us your separate consent to process your data for marketing and promotional purposes, we are entitled to contact you for these purposes through the communication channels for which you have given your consent.

You may give us your consent in a variety of ways, such as by checking a box on a form asking for permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. In cases where your consent is implied, it is based on the assumption that you could reasonably expect to receive a marketing communication based on your interactions or contractual relationship with us.

Direct marketing is typically by email, but may include other less traditional or new channels. These forms of contact are managed by us or by our contracted service providers. Any direct addressed marketing sent or conducted by us or on our behalf will provide you with the opportunity to opt out or exclude yourself.

Economic analyses and market research

For business reasons, we analyze the data we have on business transactions, contracts, enquiries,browsing behavior etc., whereby the group of persons concerned may include contractual partners, interested parties, and users of our services.

The analyses are carried out for the purpose of business evaluations and market research. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarized and or anonymized values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarized data).

Social Media

We are present on social media and if you contact or connect with us via social media platforms, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis is our legitimate interest, your consent or, in some cases, the initiation of a contract.

 

General Principles

Who receives my information?

Within Merge, those who have access to your information are those who need it to fulfill our contractual and legal obligations.

Processors used by us may also receive data for these purposes. These are companies in the areas of IT services, telecommunications, and sales and marketing. If we use processors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of Personal Data in accordance with the relevant legal provisions.

Data is only passed on to third parties within the framework of the legal provisions. We only pass on user data to third parties if this is necessary, for example, for contractual purposes or due to legitimate interests in the economic and effective operation of our company including the sale of our business, or if you have consented to the transfer of data. 

How long will my data be stored?

To the extent necessary, we process and store your Personal Data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract.

In addition, we are subject to various retention and documentation obligations, which result, among other things, from the statutory minimum retention periods and other retention periods prescribed in this sense, e.g. retention periods under tax or commercial law. Depending on the document and the legal regulation, the periods specified there for storage and documentation are five to six years.

How do we secure your data? 

Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of content or contact requests that you send to us. In addition, we have taken numerous security measures (“technical and organizational measures”), such as encryption or access only when necessary, to ensure the most complete protection of Personal Data processed through this website. 

Nevertheless, Internet-based data transmissions can always have security vulnerabilities, so that absolute protection cannot be guaranteed. And databases or records containing Personal Data may be breached inadvertently or by unlawful intrusion. If we learn of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as soon as possible after the breach is discovered.

Is data transferred to a third country?

We ensure that the processing of your Personal Data is governed by processing contracts that include standard contractual clauses to ensure a high level of data protection.

 

Your rights and privileges 

Rights to protect your data 

Under the BDSG and the GDPR, you may exercise the following rights:

• Right to information
• Right to rectification
• Right to deletion
• Right to data portability
• Right to object
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority
• Right not to be subject to a decision based solely on automated processing.

If you have any questions about the type of Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.

Updating your data

If you believe that the data we hold about you is inaccurate or that we are no longer entitled to use it and you wish to request that it be rectified or erased, or object to its processing, please contact us. 

Withdrawal of your consent 

You may withdraw any consent you have given at any time by contacting us. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

Request for information 

If you would like to make a request for information about your data, you can inform us in writing. We will respond to requests for information and correction as quickly as possible. If we are unable to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with the personal information you have requested or to make a correction, we will tell you why.

Complaint to a supervisory authority

You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. The data protection authority in relation to our services is The state commissioner for data protection and freedom of information in Baden-Württemberg (Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg), Lautenschlagerstrasse 20, 70173 Stuttgart www.baden-wuerttemberg.datenschutz.de. The Federal Commissioner for Data Protection and Freedom of Information (BfDI) (www.bfdi.bund.de) is the Federal Commissioner for Data Protection. However, we would appreciate the opportunity to address your concerns before you contact the state commissioner or the BfDI.

 

Does this policy change?

We may update our Privacy Policy from time to time. This might be for a number of reasons, such as to reflect a change in the law or to accommodate a change in our business practices and the way we use your Personal Data. We recommend that you check here periodically for any changes to our Privacy Policy. This Privacy Policy was last updated on Tuesday, 19th of September, 2023.

Who should I contact for more information?

If you have any questions about this policy or our data protection practices, please contact us using raphael@usemerge.com, call +49(0)15206317487 or write to us at the above address.