Platform Privacy Policy

Last Updated November 21, 2018

We, at Mercanto Ltd (“Mercanto,” “we,” “us,” or “our”), have created this privacy policy (“Platform Privacy Policy”) to outline how our software platform (the “Platform”) collects, stores, and processes information, on behalf of marketers, retailers and e-commerce brands, and other businesses that use our platform and services (collectively our “Clients”), that is related to Client’s customers and/or users (“End Users” or “you”).

We encourage End Users and Clients to read this Platform Privacy Policy and use it to make informed decisions. Please be aware this Platform Privacy Policy doesn’t apply to each specific Client’s privacy practices or any processing of information, which could be made by the Client outside the remit of our Services (as defined below). If End Users wish to learn how the Client may use such information, they should review the privacy policy of the relevant Client.

In this Platform Privacy Policy, you can read about:

  • Our Services
  • The types of information we process
  • How we collect information about End Users
  • Our use of Cookies
  • How we use the information
  • Whom we share the information with
  • For how long we store the information
  • How we keep the information safe
  • Children’s Personal Information
  • Privacy Shield Certification
  • How to contact Mercanto
Mercanto’s Services

We licence Clients to use our software platform. The platform has different features that include (1) automated email and omnichannel personalisation, and (2) all the tools (e-mail templates and web and mobile layouts) and support necessary to integrate the solution as easily, quickly and successfully as possible (collectively known as the “Services”). We provide these Services under the specific direction of our Clients when collecting and processing your information.

The Information We Collect

In the course of providing the Platform and the associated services, Mercanto may collect the following classes of information from End Users –

Personal Information.

We may collect personally identifiable information that is related to End Users, specifically information that identifies an individual or may with reasonable efforts identify an individual (“Personal Information”), that includes the following:

  • Contact Information: Our Clients may send us End Users’ names and e-mail addresses to support our Clients’ personalised messaging strategies when using our Services.
  • Technical Information: We may collect Personal Information from the End User’s devices when End Users access or visit Clients’ websites (the “Websites”). Such information includes geolocation data, IP addresses, and other unique identifiers.
Non-personal Information.

We collect anonymous and non-identifiable data relating to End-User(s), which may be transferred to us or gathered via the End User’s use of the Client’s website (“Non-personal Information”). In this circumstance, we are not cognizant of the identity of the person from whom the Non-personal Information was collected. Non-personal Information being collected may include the following:

  • End User’s Activity. We may automatically collect Information when End Users visit or access the Client’s Websites, including the time stamp; browser type, referring URL; operating system; whether or not your browser accepts cookies; pages viewed on the Client Website; products viewed, placed in the shopping cart, and purchased on the Client Websites; quantity, price, and purchase ID of products placed in cart or purchased on the Websites; and any custom page data, as defined by our Clients.
  • Inferred Information. Based on the information we collect from the End User’s Website activity and information collected via previous Mercanto cookies and local storage (as outlined below), we may infer other information, such as geolocation, country, state, weather, heat index, or proximity to a store/ retail location.

If we combine Users’ Non-personal Information with Personal Information, we will treat the combined data will as Personal Information for so long as it is combined.

Cookies and JavaScript Tags

We collect and store information using “cookie” technology, JavaScript tags and other tracking technologies when End Users access the Retailer’s Website.
Cookies are small quantities of data that a website places on your computer, so the computer will “remember” information about your web visit. We may use (1) ‘session cookies’ (which expire once you close your web browser) and (2) ‘persistent cookies’ (which remain on your computer until you delete them) to help us store information and enhance your experience using the Client’s website. If you do not wish us to place a cookie on your hard drive, you may wish to turn that feature off on your computer. Please consult your browser’s documentation for information on how to block or delete cookies. However, if you decide to not accept cookies from us, the Website may not function properly.

We may also employ JavaScript tags to help us and our Clients personalise and optimise your experience on the Website, as well as for reporting purposes.

How we Collect End User Data

We collect End User data via events fired by JavaScript tags that our Clients or we develop. These events are sent to If End users interact with the Client outside of the Client’s website, then the Client may also send us information about those interactions through other means, for example, if the End User makes a purchase in a physical store location operated by the Client.

How we Use End User’s Personal Information

We store and share Personal Information in the processes outlined in this Platform Privacy Policy. In addition to the objectives outlined above, we collect information for the following purposes:

  • To provide the Services to our Clients. E.g., when we receive your Personal Information (for example an email address), we may analyse such data and may advise our Clients or their ESPs which content to insert into marketing or other communications that are sent to you. We, our Clients or their email providers will then send you a personalised e-mail based on our recommendations.
  • To send to our Clients relevant updates and information related to the Services;
  • To broadly understand the interests and requirements of our Clients and their End Users;
  • To carry out anonymous analytics to improve our Platform and Services.
  • To troubleshoot and support our Services;
  • To investigate and resolve any dispute associated with our Services
  • To enforce our policies and investigate violations as required by law or other governmental authority, or to respond to a government request or comply with a subpoena or similar legal processes.
  • To monitor network capacity and system performance, test and fix systems, and to develop and implement system upgrades.
With whom we Share Personal information that we collect

We do not sell, rent, or share your Personal Information with any third parties except as described within this Privacy Policy.
Mercanto may share Personal Information with the following organizations: (i) our parent companies, subsidiaries, joint ventures, affiliates, or any other companies under common control with Mercanto; (ii) the Client you engage with directly; (iii) subcontractors and any other third party service providers, such as cloud computing service providers; (iv) any potential purchasers or investors in Mercanto; (v) auditors or advisors of our business processes.

Without your prior consent, we will not share your Personal Information except as required by law, for example, to comply with a court order, subpoena, or similar legal process, and when we believe that disclosure is necessary to protect your safety or the safety of others, our legal rights, investigate fraud or reply to a government request.

Data Retention and End Users’ Rights

We respect our End Users privacy and control over their Personal Information. In situations where we are legally required, an End User may request that we correct errors concerning their Personal Information and allow them to receive specific details about his Personal information. You can contact us at with “PRIVACY POLICY” in the subject line.

If you would like to opt-out of Mercanto’s data collection about you using cookies or JavaScript tags, please follow the instructions available on our Clients’ Websites. We use all commercially reasonable efforts to process such requests promptly. Alternatively, you may use a third-party tag management service to disable Mercanto’s tag on our Client’s websites.
We may remove, rectify, or replace incomplete or inaccurate information at any time and at our discretion.
We will keep the information we collect for so long as needed to provide our Services and to comply with all legal obligations.

How We Protect the Information

We respect the confidentiality of your personal information. We take commercially reasonable steps to protect the information from misuse, loss, alteration, unauthorised access, disclosure, or destruction. Please recognise, however, that no security platform is impenetrable. We cannot guarantee the absolute impenetrability of our databases, nor can we guarantee the information you supply will not be intercepted when being transmitted to and from us via the Internet.

Also, we legally oblige any subcontractors who may have access to your Personal Information to take all reasonable steps to protect your Personal Information.

If you have any questions about the security of our Platform, you can contact us at with “PRIVACY POLICY” in the subject line.

Children’s Personal Information and COPAA

Mercanto does not knowingly collect Personal Information from children in the EU who are under sixteen years old. If a parent or guardian becomes aware their child has provided us with Personal Information without their consent, then they should contact us at If we learn that a child under sixteen has provided us with Personal Information, we will delete the information from our databases.

The Children’s Online Privacy Protection Act (COPPA) calls for the parental consent for the collection of Personal Information from children younger than13 years old in the USA. Mercanto complies with COPAA and does not store Personal Information of children unless it’s required to support the internal operations of the Client’s Website. Please consult our Client’s website to determine their legal compliance with COPPA. For information about generally protecting children’s online privacy, please visit the FTC at

Important Notices for Non-U.S. Residents/Privacy Shield Certification

Mercanto complies with the EU-US Privacy Shield Framework as outlined by the U.S. Department of Commerce regarding the collection, storage, and retention of personal information from European Union member countries. Mercanto has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To see more about the Privacy Shield program, and to view Mercanto’s certification, please visit

It is important to note the Platform and its servers are operated in the European Union and elsewhere. If you are located within the United States, please be aware that any information will be transferred to, processed, and used in the European Union and elsewhere. By using the Platform, you unconditionally and irrevocably consent to such transfer, processing, and use of the data in accordance with the EU-US Privacy Shield and this Platform Privacy Policy.

To comply with the Privacy Shield framework, Mercanto commits to the resolution of any complaints regarding your privacy and the collection or use of your data. We have also undertaken to resolve any complaints pursuant to the Privacy Shield Privacy Principles by EU citizens, related to this Platform Privacy Policy and that cannot be resolved directly with our organization, through a panel established by the EU Data Protection Authorities (“EU DPAs”) as an Independent Recourse Mechanism (“IRM”).
If you have any questions about this Platform Privacy Policy, please do contact us as outlined below. We will investigate and respond to your inquiry, and work to resolve any concerns about your privacy question. If you do not receive an acknowledgement of your complaint or, if Mercanto does not satisfactorily address your complaint, then please do contact us to be put in touch with the relevant DPA contacts.

Corporate Transaction

We may share data which relates to End Users in the event of a corporate transaction, for example, sale of a substantial part of our business, merger, consolidation or asset sale. In this situation, the acquiring organisation will assume the obligations and rights as described in this Policy.

Amendments to this Privacy Policy
From time to time we may amend this Platform Privacy Policy. By accessing or utilising the Websites after we make any such amendments to this Platform Privacy Policy, you are deemed to accept such changes. Please know that, to the extent permitted by applicable law, our use of the data is governed by the Platform Privacy Policy in place as of the time we collect the data. Please, therefore, visit this Platform Privacy Policy on a periodic basis.

How to Contact Us

If you have any questions about this Platform Privacy Policy, please contact Mercanto via e-mail at with “PRIVACY POLICY” in the subject line or mail at the following address:
Mercanto Ltd.
Attn: Security Officer
1st Floor, 101 Finsbury Pavement
London EC2A 1RS