- Our Services
- The types of information we process
- How we collect information about End Users
- How we use the information
- Whom we share the information with
- For how long we store the information
- How we keep the information safe
- Children’s Personal Information
- Privacy Shield Certification
- How to contact Mercanto
We licence Clients to use our software platform. The platform has different features that include (1) automated email and omnichannel personalisation, and (2) all the tools (e-mail templates and web and mobile layouts) and support necessary to integrate the solution as easily, quickly and successfully as possible (collectively known as the “Services”). We provide these Services under the specific direction of our Clients when collecting and processing your information.
The Information We Collect
In the course of providing the Platform and the associated services, Mercanto may collect the following classes of information from End Users –
We may collect personally identifiable information that is related to End Users, specifically information that identifies an individual or may with reasonable efforts identify an individual (“Personal Information”), that includes the following:
- Contact Information: Our Clients may send us End Users’ names and e-mail addresses to support our Clients’ personalised messaging strategies when using our Services.
- Technical Information: We may collect Personal Information from the End User’s devices when End Users access or visit Clients’ websites (the “Websites”). Such information includes geolocation data, IP addresses, and other unique identifiers.
We collect anonymous and non-identifiable data relating to End-User(s), which may be transferred to us or gathered via the End User’s use of the Client’s website (“Non-personal Information”). In this circumstance, we are not cognizant of the identity of the person from whom the Non-personal Information was collected. Non-personal Information being collected may include the following:
- End User’s Activity. We may automatically collect Information when End Users visit or access the Client’s Websites, including the time stamp; browser type, referring URL; operating system; whether or not your browser accepts cookies; pages viewed on the Client Website; products viewed, placed in the shopping cart, and purchased on the Client Websites; quantity, price, and purchase ID of products placed in cart or purchased on the Websites; and any custom page data, as defined by our Clients.
- Inferred Information. Based on the information we collect from the End User’s Website activity and information collected via previous Mercanto cookies and local storage (as outlined below), we may infer other information, such as geolocation, country, state, weather, heat index, or proximity to a store/ retail location.
If we combine Users’ Non-personal Information with Personal Information, we will treat the combined data will as Personal Information for so long as it is combined.
Cookies are small quantities of data that a website places on your computer, so the computer will “remember” information about your web visit. We may use (1) ‘session cookies’ (which expire once you close your web browser) and (2) ‘persistent cookies’ (which remain on your computer until you delete them) to help us store information and enhance your experience using the Client’s website. If you do not wish us to place a cookie on your hard drive, you may wish to turn that feature off on your computer. Please consult your browser’s documentation for information on how to block or delete cookies. However, if you decide to not accept cookies from us, the Website may not function properly.
How we Collect End User Data
How we Use End User’s Personal Information
- To provide the Services to our Clients. E.g., when we receive your Personal Information (for example an email address), we may analyse such data and may advise our Clients or their ESPs which content to insert into marketing or other communications that are sent to you. We, our Clients or their email providers will then send you a personalised e-mail based on our recommendations.
- To send to our Clients relevant updates and information related to the Services;
- To broadly understand the interests and requirements of our Clients and their End Users;
- To carry out anonymous analytics to improve our Platform and Services.
- To troubleshoot and support our Services;
- To investigate and resolve any dispute associated with our Services
- To enforce our policies and investigate violations as required by law or other governmental authority, or to respond to a government request or comply with a subpoena or similar legal processes.
- To monitor network capacity and system performance, test and fix systems, and to develop and implement system upgrades.
With whom we Share Personal information that we collect
Mercanto may share Personal Information with the following organizations: (i) our parent companies, subsidiaries, joint ventures, affiliates, or any other companies under common control with Mercanto; (ii) the Client you engage with directly; (iii) subcontractors and any other third party service providers, such as cloud computing service providers; (iv) any potential purchasers or investors in Mercanto; (v) auditors or advisors of our business processes.
Without your prior consent, we will not share your Personal Information except as required by law, for example, to comply with a court order, subpoena, or similar legal process, and when we believe that disclosure is necessary to protect your safety or the safety of others, our legal rights, investigate fraud or reply to a government request.
Data Retention and End Users’ Rights
We may remove, rectify, or replace incomplete or inaccurate information at any time and at our discretion.
We will keep the information we collect for so long as needed to provide our Services and to comply with all legal obligations.
How We Protect the Information
We respect the confidentiality of your personal information. We take commercially reasonable steps to protect the information from misuse, loss, alteration, unauthorised access, disclosure, or destruction. Please recognise, however, that no security platform is impenetrable. We cannot guarantee the absolute impenetrability of our databases, nor can we guarantee the information you supply will not be intercepted when being transmitted to and from us via the Internet.
Also, we legally oblige any subcontractors who may have access to your Personal Information to take all reasonable steps to protect your Personal Information.
Children’s Personal Information and COPAA
Mercanto does not knowingly collect Personal Information from children in the EU who are under sixteen years old. If a parent or guardian becomes aware their child has provided us with Personal Information without their consent, then they should contact us at email@example.com. If we learn that a child under sixteen has provided us with Personal Information, we will delete the information from our databases.
The Children’s Online Privacy Protection Act (COPPA) calls for the parental consent for the collection of Personal Information from children younger than13 years old in the USA. Mercanto complies with COPAA and does not store Personal Information of children unless it’s required to support the internal operations of the Client’s Website. Please consult our Client’s website to determine their legal compliance with COPPA. For information about generally protecting children’s online privacy, please visit the FTC at http://www.ftc.gov/privacy/privacyinitiatives/childrens.html.
Important Notices for Non-U.S. Residents/Privacy Shield Certification
Mercanto complies with the EU-US Privacy Shield Framework as outlined by the U.S. Department of Commerce regarding the collection, storage, and retention of personal information from European Union member countries. Mercanto has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To see more about the Privacy Shield program, and to view Mercanto’s certification, please visit https://www.privacyshield.gov/US-Businesses.
We may share data which relates to End Users in the event of a corporate transaction, for example, sale of a substantial part of our business, merger, consolidation or asset sale. In this situation, the acquiring organisation will assume the obligations and rights as described in this Policy.
How to Contact Us
Attn: Security Officer
1st Floor, 101 Finsbury Pavement
London EC2A 1RS