Privacy Policy

 

1. Scope of This Privacy Notice

Merkle is a global provider of digital advertising media and data management technology. In the European Economic Area (EEA) and Switzerland the Merkle legal entity responsible for the data that Merkle collects is Merkle UK One Ltd, registered office 10 Triton Street, Regents Place, London, United Kingdom, NW1 3BF and company registration number 04238272. Outside the EEA and Switzerland, the responsible legal entity is Merkle Inc.

This notice outlines how and why Merkle (“Merkle”, “our”, “us”, and “we”) collects and uses personal data specifically from visits to the (https://www.merkleinc.com/emea) website and those of our various brands, our contact with members of the public and with those acting in a professional capacity (such as when enquiring about, researching, reporting on, assessing or engaging in business discussions).

What this Privacy Notice Doesn’t Cover:

Merkle Controlled Products

Merkle UK One Ltd is a controller for our EEA and Switzerland focused DataSource product. The product covers most of the adult UK population and is built by combining data supplied to Merkle by other companies that collect data from you. DataSource may be extended to cover other countries over time.

Any data collected by Merkle within the scope of this privacy policy, is not incorporated into DataSource. You can find privacy information for DataSource here.

Marketing and Advertising Services

This privacy notice does not cover the activities Merkle undertakes on behalf of its clients - in which it acts as a data processor. Should you wish to enquire about the data processing we undertake for any of our clients, or wish to assert your data protection rights regarding that processing, please contact the relevant client directly.

Employment

This privacy notice does not cover any data processing carried out by Merkle in connection with employment by, or the supply of contracted services to, Merkle or its subsidiaries. Please contact your local Human Resources Office or the Data Protection Office (if no longer in employment with Merkle) for assistance in these matters.

Third party websites

This privacy notice does not cover any website operated by a third party which Merkle may link to from this website. Please review the privacy notices and cookie policies associated with those websites for details of how they may process your data.

 

2. About Merkle and our Privacy Philosophy

Merkle is committed to ensuring that the information we use and process is secure while in our care and will be used responsibly. Like our clients, we recognise that the privacy of consumers is paramount in our business, so we continuously seek ways to protect and ensure appropriate use of information related to consumers while promoting policies within the industry that do the same.

To learn more about our Privacy Philosophy please see https://www.merkleinc.com/emea/getting-know-your-privacy-rights/privacy-philosophy.

 

3. Contacting the Merkle Data Protection Officer

You can contact the Merkle Data Protection Officer by post at:

Data Protection Officer
Merkle
10 Triton Street
Regents Place
London
NW1 3BF

Or by email at: dpo@merkleinc.com

Or by telephone at: (+44) (0) 330 060 6065

If you have a specific query about exercising your rights under the GDPR, you can find more information in the Your Rights Over Your Personal Information section below.

 

4. What Information do we Collect?

When you visit our websites

  • Your IP address
  • Details of your operating system and browser
  • The page that referred you to our site
  • The pages you visit within our site
  • How you navigate around, click on and otherwise interact with our website pages
  • Use of search boxes
  • Videos you may watch
  • The ID and data within any cookies you have agreed to us placing
  • We may infer a company name associated with your IP address
  • We may infer a location associated with your IP address
  • The date and time of your actions

If you do not allow cookies to be placed then the website will not be able to recognise you on future visits and will therefore be less able to tailor content, including advertising, that will likely to be of interest to you.

When you register your information with us, such as your name and email address, in order to receive marketing literature, white papers, and newsletters from Merkle or Merkle’s partners then we will use that information for that purpose.

When you connect with us in a professional capacity, we may collect the following information

When you fill in forms or enquire about our services either online, on the telephone, at events, when visiting our facilities or when completing customer surveys:

  • Your name, job title and role
  • Contact information including address, email address and telephone number
  • Your communication and marketing preferences
  • Your attendance at events, either online or offline
  • Details of the organisation you represent
  • Any interests you express in our services
  • Other information you volunteer relevant to your enquiry
  • Other information volunteered by you in response to a survey
  • The date and time of your actions

Should you choose not to provide elements of the information listed in this section then Merkle may only have a partial understanding of your interest in or needs of Merkle and its services and be unable to process requests or fulfil any marketing you may have consented to in the most relevant manner.

When we market to you

  • Our contact history with you
  • Your interactions with emails or other electronic messages we send you. For example, when you open or click on an email
  • Your responses or replies to any marketing we send you
  • The date and time of your actions

When you assert your rights under data protection law

  • Your name
  • Contact information such as address, email address and telephone numbers
  • Identify verification information such as copies of utilities bills, passports or driving licenses
  • Whether you have ever been an employee of or contractor or supplier to Merkle
  • Further details relating to the right you are wishing to assert
  • The date and time of your request and its management

For further information on your rights under the General Data Protection Regulation and the UK Data Protection Act 2018 please see the “Your Rights” section.

 

5. How We Use Your Information

In order to run our business in an effective and relevant manner we collect certain information about individuals and the way they interact with our website. We will also use personal information given to us by individuals who communicate with us or request marketing or sales information, for example, through the website, by telephone and at events.

How We Use Your Data

How We Use Your Data: To monitor website performance to support its secure and effective operation

When: When you visit our websites

Lawful Basis: Legitimate Interest

 

How We Use Your Data: To help serve you with content likely to be of interest to you

When: When you visit our websites

Lawful Basis: Consent

 

How We Use Your Data: Remarketing (showing our ads on third-party websites) and other forms of interest-based advertising

When: When you visit third-party websites

Lawful Basis: Consent

 

How We Use Your Data: Google Display Network Impression Reporting

When: When you visit our websites

Lawful Basis: Consent

 

How We Use Your Data: To deal with enquiries you have made - including sales and marketing support

When: When you visit our websites

Lawful Basis: Legitimate Interest

 

How We Use Your Data: To market our services to you

When: If you haven’t told us you don’t wish to receive marketing – and we collected your data in connection with an enquiry about or negotiation for our services - we may send you marketing messages about those services.

Lawful Basis: Legitimate Interest

 

How We Use Your Data: To supply you with requested license documentation

When: Posting or other supply of license information relating to products you have purchased from us

Lawful Basis: Contractual Necessity

 

How We Use Your Data: To understand your view of our services and performance

When: When you complete customer surveys

Lawful Basis: Consent

 

How We Use Your Data: To deal with the enquiry you have made about a vacancy and to process any application through our recruitment process. This may involve the use of a third-party recruitment service provider.

When: When enquiring about vacancies and during recruitment

Lawful Basis: This use is addressed in our specific employment privacy notice

 

How We Use Your Data: To assess, respond to and honour data protection rights requests you have made.

When: When you assert your rights under data protection law

Lawful Basis: Legal Obligation

 

How We Use Your Data: To respond to authorities requiring us to supply or process data

When: When obligated by a statutory body to supply or otherwise process your data

Lawful Basis: Legal Obligation

 

How We Use Your Data: Transfer or access during system maintenance

When: From time to time your data may be accessed by our support and maintenance staff, possibly outside of the EU, to support and maintain our systems and services to you and our clients

Lawful Basis: Legitimate Interest

 

Learn More About Lawful Bases for Processing Under the GDPR

  • A controller must have a valid lawful basis to process personal data. Without one the processing they are undertaking would be illegal.
  • There are six available lawful bases for processing. No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual.
  • Most lawful bases require that processing is ‘necessary’. If a controller can reasonably achieve the same purpose without the processing, they won’t have a lawful basis.
  • A controller must determine and document the lawful basis before they begin processing – which is why we have listed them above.

You can learn more about lawful bases for processing here.

Managing Privacy on This Website

You can opt out of remarketing operated by many advertising businesses, and made use of by Merkle from time to time, by visiting http://www.youronlinechoices.com/ and http://www.aboutads.info/choices/.

You can opt out of Google Analytics for Display Advertising and customize Google Display Network ads using Google's Ad Settings page.

You can opt out of Google Analytics using this browser add-on

For more advice on your cookie control options please see the cookie specific information below.

For more information on exercising your rights over your personal information see the section below.

Automated Decision Making and Profiling With Legal Effect

Merkle does not use automated decision making or profiling which produce legal effects or significantly affect you in any of the processing detailed above.

You can object to and opt out of our profiling (see Your Rights Over Your Information below).

 

6. How Long Do We Keep Your Personal Information?

Merkle keeps personal information only for as long as we need it for our legitimate business purposes or to provide you with the services you have requested.

We may also be obliged to retain your information for legal reasons such as when asserting our rights or assisting you with the exercise of your rights.

 

7. Who Your Personal Information May Be Shared With

We will not disclose your personal information to any other party other than in accordance with this Privacy Notice, related privacy notices, or in the circumstances detailed below:

Events, Functions, and Webinars

We may share your information with organisations involved with the provision, management or otherwise direct engagement of events, webinars or other such Merkle hosted functions which you have registered for or have expressed an interest in.

On Sale of a Business

If we sell any or all of our business we may disclose your information to the buyer.

When Legally Obligated to Disclose

Various public bodies, authorities and courts can require us to disclose personal data to them. Where we are legally required by common or statute law to disclose your personal information we will do so.

The UK ICO’s guidance on legal obligations to disclose data is available here.

 

8. Where and When We Send Personal Information Abroad

Merkle sometimes transfers personal information outside of the UK or the EEA, to its affiliates in the USA and China (and occasionally to other countries), for the purposes listed above. We may also transfer personal information to countries from where our partners, service providers or clients are located.

When we make any of these transfers, we take appropriate steps to ensure EU data protection law is complied with. These steps might include, for example, transferring the information to someone in a country which the European Commission has approved as providing adequate protection for personal information, or to someone who has signed standard contractual clauses approved by the European Commission. Merkle's intra-group agreement includes these standard contractual clauses, to cover transfers to our non-European affiliates.

 

9. Your Rights Over Your Personal Information

We realise that you may not want us to use your information. Our business depends on consumer information and trust, so we are very clear that you have choice and control: you decide what information about you, if any, you are willing for us to keep and use, and for what purposes. For example, you may be happy for us to use your information for marketing but not for profiling, or you might be willing for us to perform profiling but you don't want any of our clients to use your information for their marketing or advertising.

You have rights (with some exceptions and restrictions) to:

  • Object to receiving marketing and any associated profiling
  • Access your personal information, i.e. find out exactly what information we hold about you
  • Request personal information you have provided to us in a format which you or another organisation can use
  • Request restriction of processing of your personal information, in some situations (so that we will keep it, but can't do anything with it while an issue is resolved)
  • Request correction or updating of any of your personal information that is inaccurate
  • Request erasure of your personal information
  • Object to processing of your personal information that we undertake using the legitimate interest lawful basis
  • Complain to your local data protection authority about our collection or use of your personal information. A listing of European National Data Protection Authorities is available here.

Exercising Your Data Protection Rights with Merkle

If you want to exercise any of your rights in connection to data processed under this privacy notice you can contact marketing@merkleinc.com or the Data Protection Officer at the contact details above.

All requests must be accompanied by

  • Full name (and any prior names that you may have used in the relevant period)
  • Home address and relevant previous addresses
  • Email addresses
  • If you are a current or previous employee of Merkle
  • Whether you prefer us to communicate by mail or email in response to your request.
  • Proof of identity – either scans by email or photocopies by post. Please do not send originals.
  • A current driving licence photocard, identity card, passport etc.
  • Proof of your address (such as, bank or building society statement, council tax statement etc.) dated within the past 3 months

We require proof of your identity to protect your privacy and ensure that we are responding to your request in line with your actual instructions.

Please note that once we have verified your identity and address, we will destroy the document copies you have sent us.

If you wish to be removed from our database, you can also do so by providing your email address on this page.

Types of Requests:

Opt out of marketing and / or associated profiling

What we need:

  • Whether you would prefer not to be profiled for marketing purposes
  • Which marketing channels you want to opt out from, or all

What you can expect:

  • Confirmation email/letter that is has been actioned

How long we aim for it to take (once we have verified your identity)?

  • Max 7 days

 

Access your information

What we need:

  • Optionally, you can let us know the types of data that you require. It is of course fine to request everything

What you can expect:

  • Details of what information Merkle holds on you
  • Why we’re using your information
  • Categories of information being used
  • Who we’ve shared the information with
  • How long we’re keeping your information
  • Whether you have been subject to automated decision making

How long we aim for it to take (once we have verified your identity)?

  • Max 1 month

 

Request a portable copy of relevant data.

What we need:

  • Optionally, you can let us know the types of data that you require. It is of course fine to request everything

What you can expect:

  • A copy of the information that you have provided to us and that we continue to hold

How long we aim for it to take (once we have verified your identity)?

  • Max 1 month

 

Stop or restrict use of your information

What we need:

  • Clarification of request, what purposes

What you can expect:

  • Confirmation email/letter that is has been actioned

How long we aim for it to take (once we have verified your identity)?

  • Max 7 days

 

Request correction or the updating of your personal information

What we need:

  • The information that needs to be updated

What you can expect:

  • Details of what information Merkle holds on you
  • How this has been corrected based on your instructions
  • Confirmation email/letter that it has been actioned

How long we aim for it to take (once we have verified your identity)?

  • Max 1 month

 

Object to processing under the legitimate interest lawful basis

What we need:

  • The processing you are objecting to
  • If possible, why you believe we do not have a legitimate interest in the processing or why such processing overrides your fundamental rights and freedoms

What you can expect:

  • Confirmation email/letter stating whether we have upheld your objection and actioned your request

How long we aim for it to take (once we have verified your identity)?

  • Max 7 days

 

Erase some, or all of, your information

What we need:

  • If you only want partial information deleted, which parts

What you can expect:

  • Confirmation email/letter stating whether we have upheld your objection (as there may be a legal requirement to, or an overriding interest in, retaining the data) and actioned your request

How long we aim for it to take (once we have verified your identity)?

  • Max 7 days

 

Opting Out of Direct Mail and Telemarketing.

Responsible marketing companies respect your choice to not receive direct mail advertising or telemarketing.

Merkle uses the various direct mail and telephone suppression services available in the territories its clients operate in. These lists will reduce the volume of marketing you receive from companies with which you do not have an existing relationship (but not from companies that you have given permission to contact you).

Merkle uses Direct Marketing Association (DMA) resources to suppress the names and addresses of individuals who have notified the DMA that they do not want to receive advertising by mail.

If you are in the UK you can register with the UK Mail Suppression Service and the Telephone Preference Service to be added to their listings.

Please contact your local marketing suppression services provider to be added to their listings. If you are elsewhere in the EU, your local Data Protection Authoritywill be able to help you contact suppression services operating in your country.

 

10. How We Keep Your Personal Information Safe

Merkle's safeguards include robust systems and processes designed to ensure that we collect only the minimum necessary personal information, and that only Merkle staff who need to view your personal information can see it. We carry out checks to make sure we adhere to restrictions on our use of the information (such as where you have not agreed to receive marketing).

We have implemented policies, processes and systems to ensure your information is secure, including encryption of your information in storage and while being sent, whether to us or by us. The Merkle Global Information Security Program is based on the ISO27001/2:2013 standards, the ISC2 CISSP Ten Domains, SANS, and industry and internal Merkle best practices. We periodically monitor and improve standards and regularly test our security measures. We also maintain an incident response plan for dealing with any incident or breach whereby your information may be put at risk or compromised, including measures for logging and audit trails, incident detection and security incident information gathering and reporting.

Merkle also requires its service providers to implement appropriate security measures to safeguard your information and to notify us of any incidents affecting your information.

 

11. Cookies

A cookie is a small file which may be downloaded to and stored on your computer, phone, tablet or other device when you visit a website. More general information about cookies is available here.

Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by being able to remember your choices and preferences.

We use traffic log cookies to identify which pages on our websites are being visited. This helps us analyse data about web page traffic and improve our website’s reliability and to tailor it to customer needs.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you on your computer, other than the data you choose to share with us.

Site specific cookie information and help in understanding, making choices about and managing cookies can be found within our cookie notice.

 

12. Updates to the Privacy Notice

We may make changes to this Privacy Policy from time to time. When we do, we will update this page. You should review this page from time to time to ensure that you are happy with any changes that have been made.

This policy is effective from November 20, 2018.

 

Undefined