Data Protection Statement

Your data is safe with us

At a glance

  1. 01GeneralHow we make sure your data is safe
  2. 02Your rightsYour right to personal data
  3. 03ContactFor all questions concerning data protection


This data protection declaration contains information for you about the type, scope and purpose of the collection and use of personal data when you visit our website by us - Merkle Germany GmbH  - in accordance with the Federal Data Protection Act (BDSG), the Telemedia Act (TMG), the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).

Your data is safe with us

As the operator of this website, it goes without saying that we treat your data responsibly and, in the process, observe all appropriate regulations about data protection and information security. Personal data is collected and disclosed to third parties only to the extent technically necessary for this website. The collection and use of personal data is made regularly only after receiving consent from the person concerned. The exception is in such cases where, for practical reasons, consent cannot be obtained beforehand, and processing of the data is allowed by statutory regulation.

In the following sections, we provide you with an overview about how we guarantee protection of personal data, which sort of data and for what purpose it is collected.

Personal Data

"Personal data" means any information relating to the personal or material circumstances of an identified or identifiable person. Your personal data therefore includes all data that enable identification, such as your name, address, telephone number or email address.

Assigned Data Use

We observe the principle of purpose limitation and collect, process and store your personal data only for the purposes of which we have informed you. There is no disclosure of your personal data to third parties or to an allied company without your expressed consent unless it is not necessary to provide the services or to perform the contract. Disclosure to third parties or to allied companies is assured by guarantee pursuant to Art. 46 GDPR. In addition, any disclosure to state institutions and authorities entitled to information is only made within the framework of the statutory disclosure duties or when we are bound by a legal ruling to provide information.

Within our company, we take internal data protection very seriously. Our employees and companies commissioned by us to provide services are contractually bound to secrecy and to observe the statutory data protection regulations.


Without the permission of parents or custodians, children may not provide us with any personal data. We advise all parents and custodians to instruct their children about the safe and responsible treatment of personal data in internet. We will not knowingly collect personal data from children or use it in any manner or disclose it to third parties.

Data Collection by Merkle

We collect your personal data on our website in two ways: (1) indirectly (for example, through the technology on our website) and (2) directly (for example, if you sign up for our Newsflash).

Indirect Data Collection

Server log files

We collect data when you call up a page and save it as "server log files". The following files are collected:

  • Browser type/version used, operating system
  • Referrer URL
  • Time and date of the server request
  • IP address used.

Such storage in the so-called server log files is necessary for technical reasons and to guarantee system security and troubleshooting. This data is used exclusively for statistical purposes and to improve the quality of our website. We do not assign this data to an identified or identifiable person nor do we commission third parties to do so. In addition, this data is not used to create personal user profiles. However, we reserve the right to later check the server log files if there are concrete indications of illegal use. No conclusions about persons can be drawn from this data.

The legal basis for data processing is the safeguarding of legitimate interests (Art. 6 para. 1 (f) GDPR). The legitimate interest lies in the continuous improvement of the website for reasons of data security and to guarantee the stability and operational safety of our website, for which the collection of statistical data is indispensable. For this reason, there is no possibility for the user to object.

These server log files are deleted by us immediately after the end of the use process.


According to §15 of the current version of the Telemediengesetz, you as a website visitor have the right to object to the storage of your (anonymously collected) visitor data.

We offer you the option of preventing the cookies used by the Merkle Germany GmbH website. In this case, only technically necessary cookies will be set:

Adjust settings for cookies

When you visit our website, we store information in form of cookies on the computer or mobile device you use (here referred to as "cookies").

What are cookies?

Cookies are small files that are stored on your hard disk. A distinction is made between so-called session cookies, which are deleted again after closing your browser, and persistent cookies, which are stored on your device for a longer period of time.

Why do we use cookies?

Some cookies support the proper functioning of the website (e.g. technically necessary cookies). Other cookies allow us to analyse the use of the website (e.g. via Google Analytics). 

What types of cookies does Merkle use?

We use two types of cookies – session cookies and persistent cookies. 

  • Session cookies only remain stored until you close your browser. After that, the cookies are automatically removed from your computer.
  • Persistent cookies remain stored on your computer depending on the timing specified in the cookies. These cookies are deleted after this time and not when you close your browser. These cookies are activated each time you visit our website.

The cookies we use most often are session cookies, as these are the least annoying type of cookies. These session cookies are used to ensure a good user experience when you visit our website.

We use persistent cookies on our website. The cookies used are for analytical purposes, among others. These cookies are used to illustrate which pages have been visited, how many users have visited our website and to be able to analyze the behavior on our website.

Use of cookie consent management platform

On our website we use OneTrust (OneTrust Technology Limited, with registered office at 82 St John St., Farringdon, London EC1M 4JN in the United Kingdom) commissioned and controlled by us. OneTrust is web service, to manage cookie consent. We use this service to block cookies, to collect the necessary consent from our users for the setting of cookies, to enable you to revoke consent that has been given, to document the consent that has been given and revoked, and to correctly assign it to you as a user. For this purpose, OneTrust processes a website ID. We store this website ID for a period of 12 months, after which your data will be deleted.
The legal basis for the processing of your data described is Article 6 Paragraph 1 Sentence 1 Letter c GDPR.

What data is collected?

The data stored in the cookie is anonymous and does not contain any personal information about you, such as your name or IP address, so it is not possible to assign this data to a specific person later on.

What if I do not accept cookies?

By rejecting cookies, the functionality of our website is affected. You may not be able to use all the features and services we offer.
The browsers of many computers, smartphones and other Internet-enabled devices are typically set up to accept cookies. If you do not wish to use cookies on this or any other website, you can set your browser to refuse cookies. The help function of your browser will assist you in doing so.

Direct Data Collection

To enable us to provide our services to you, we may need additional personal data. This applies to our newsletter, contact form, online applications and other services (e.g. sending a study, registering for a webinar). The legal basis for data processing is Art. 6 para. 1 (a) GDPR. If you have registered with our services, we collect and store your personal data after your consent. We use appropriate precautions and modern technologies on our infrastructure to protect your data.

Newsletter (Newsflash)

If you want to receive our newsletter, we require a valid email address from you, as well as your name, which enables us to check that you are the owner of the given email address or that the owner consents to the receipt of the newsletter.

The legal basis for collecting this data is your consent (Art. 6 para.1 (a) GDPR).

At any time, you can withdraw your consent to the storage of data as well its use for sending the newsletter. In every newsletter you will find a “cancellation” link whereby, with one click, you can deregister. Until your cancellation, we store this data so that we can provide the services requested by you.

The newsletter gives information about current events, blog contributions and business news. You can register for this newsletter on our website. Before sending you the regular newsletters, you must send us an email confirming the submitted registration. (double-opt-in-process).


When you take part in our surveys, we will process your name, professional email address and job title in order to link this information to your survey responses and send you your specific evaluation. Furthermore, this will then help our sales team to prepare a bespoke offer, if requested.

We will use our sub-processor SFDC Ireland Limited, Dublin, Ireland in order to process your data as described above. Your data will remain in the European Union.

The legal basis for the collection of this data is your consent (Art. 6 para. 1 lit. a DSGVO).

You may withdraw your consent to the storage of the data and its use at any time by sending an email to

Until you withdraw your consent, we will store the data from the survey for six months so that we can send you a customised offer upon request. Afterwards, this data will be annonymised.

Other services

In addition to these newsletters, you can use the contact form on our website to contact us, register for webinars or virtual events, and download studies and white papers. There are separate forms for all actions, in which we request the data required for the transaction and obtain your consent in accordance with Art. 6 Para. 1 (a) GDPR. This data is also stored for evaluation purposes.  Your data may still be used for marketing purposes, in particular for service purposes provided by us (e.g. webinars, downloading studies).

Furthermore, our CRM system - Salesforce - combines your contact data with your data from project enquiries and existing relationships for all services.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. You can object to the use of your personal data for marketing purposes at any time. You may also revoke any consent you may have given separately. It is sufficient to send a message in written form to our data protection officer or send a letter to Merkle Germany GmbH, Speicherstraße 53, 60327 Frankfurt am Main.

Online Applications

We willingly accept your application on our website for our posted job vacancies or when submitted on your own initiative. For this purpose, we require various sorts of personal data which we store on our internal applicant databank with your explicit consent until your withdrawal. If no appointment is agreed, we erase your application data within six months of its receipt unless you expressly agree to continued storage of data in our talent pool. The legal basis for data collection in this case is provided for in Art. 6 para. 1 (b) GDPR.

After entering and transmitting your data, you will reach the server of our third-party provider SmartRecruiters Inc. directly via an encrypted link. All data is encrypted using the SSL method. We have concluded a data agreement with SmartRecruiters Inc.

Confidentiality of emails

If you send us an email, your email address and your voluntarily submitted data (title, first name, last name, telephone number, company name) will only be used for correspondence with you. Otherwise we would explicitly point this out to you and ask for your consent. Since email communication does not use a secure data connection, please refrain from transmitting confidential information in this way. The contacts are stored in the inboxes of the respective email addresses.

Social Plugins

To enable appropriate and up to date internet distribution of our content, we integrate social networks and other internet services into our online offer. Therefore, on some pages we have linked so called social plugins as for example from Facebook, Twitter, Xing, LinkedIn and Instagram. These are supplied directly by the individual network providers. You can recognise these plugins by the corresponding logos of the individual network provider.

By starting the social plugin, your IP address is transmitted to those who own the plugin. A further data transmission does not take place.

You can find details as to how the social plugin providers handle your personal data in the respective data protection policy statements;


Our website uses YouTube for all videos. The site is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When you watch a video that we have posted on the website, you will be connected to YouTube's servers. This will tell the YouTube server which of our pages you have visited.

If you are logged in to your YouTube account, you can allow YouTube to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offers and thus on the basis of Art. 6 Para. 1 (f) GDPR. We only record the extent to which the YouTube videos integrated into our website are accessed and delete this data after a period of two years. 

Further information on the handling of user data can be found in YouTube's data protection declaration at:

Your Rights

We set out here which rights you have in connection with your personal data. Please be aware that data protection regulations and data handling directions e.g. by Google can change all the time. It is therefore advisable and requisite to keep up to date about the changes in legal requirements and the practice of the business e.g. Google.

Rights of Access and Rectification

Without giving reasons, you will receive information at any time about data stored by us.

Your request for information may relate to the following information:

  1. the reasons why your personal data is being processed;
  2. the categories of personal data which are being processed;
  3. the recipient or category of recipients to whom the personal data has been or will be disclosed;
  4. the planned length of time for storing your personal data, if exact information is not possible for this, criteria to determine the storage time;
  5. the existence of a legal right to rectify or erase your personal data, a right to restrict its processing by the responsible controller or a right of objection to its processing;
  6. the existence of a right of appeal to a regulatory body;
  7. all available information about the source of the data if the personal data was not collected from you;
  8. the existence of automated decision making including profiling under Art. 22 para.1 and 4 GDPR and – at least in these cases -  meaningful information about the logic involved as to the extent and the intended impact on you of such processing.

Data access request

You can at any time rectify or complete data collected by us if your processed data is incorrect or incomplete.

Right to Restrictions of Processing

Under the following conditions you may set restrictions on the processing of your personal data

  1. if you challenge the accuracy of your personal data, for a period of time which allows us to check the accuracy of the personal data;
  2. the processing is wrong, and you refuse the erasure of the personal data and instead demand restriction on the use of the personal data;
  3. we no longer require the personal data for processing purposes, but you require it to assert, carry out or defend a legal claim;
  4. if you have made an objection to processing under Art. 21 para. 1 GDPR and have not yet established whether our grounds of justification outweigh yours.

Where the processing of your personal data has been restricted, this data - apart from its storage – may only be processed with your consent or in order to assert, carry out or defend a legal claim or to protect rights of another natural or legal person or for reasons in the important public interest of the Union or a Member State.

Where the restrictions on processing has been imposed under the above requirements you will be notified by us before the restriction is removed.

Restriction on processing personal data

Right to Erasure

You can require us to immediately erase your personal data if one of the following reasons applies:

  1. Your personal data is no longer necessary for the purposes for which it was collected or was processed in another way.
  2. You withdraw your consent on which, under Art. 6 para.1 (a) or Art. 9 para. 2 (a) GDPR the processing is approved and there is no other legal basis for the processing.
  3. Pursuant to Art. 21 para.1 GDPR you lodge an objection against the processing and there are no justified reasons having priority for the processing or you lodge an objection under Art. 21 para. 2 GDPR against the processing.
  4. Your personal data was wrongfully processed.
  5. The erasure of your personal data is to fulfil a legal obligation of Union law or the law of a Member State to which the responsible controller is subject.
  6. Your personal data was collected relating to services offered by information societies pursuant to Art. 8 para. 1 GDPR.

Right to Erasure

Right to Information

If you have asserted a right for rectification, erasure or restrictions of the processing, you have the right to be informed about the recipient to whom your personal data was disclosed.

Right to Data Transfer

You have the right to receive the personal data which you have supplied to us in a structured, normal and machine-readable format. In addition, you have the right to pass this data to another responsible person if

  1. the processing is based on consent given in accordance with Art. 6 para. 1 (a) GDPR or Art. 9 para. 2 (a) GDPR or in a contract pursuant to Art. 6 para. 1 (b) GDPR and
  2. the processing is made with help of an automated process.

In exercising these rights, you further have the right to have your personal data transferred directly from us to another responsible person provided this is technically possible. Liberties and rights of other persons are not to be infringed by this.

Data transfer

Right of Objection

You may object to the presentation of data collection and storage set out in the data protection declaration. You may also at any time, without giving any reasons, withdraw your consent for our future data collection and usage.

Right of objection

Right of Appeal

Regardless of other administrative or legal remedies you have the right to appeal to a regulatory body, in particular in the Member State of your residence, your working place or the place of the alleged infringement if you are of the opinion that the processing of your data is in breach of the GDPR.


Your trust and your rights are important for us. Therefore, we are willing to account to you at any time about the processing of your personal data. Unless otherwise stated, Merkle Germany GmbH, Speicherstraße 53, 60327 Frankfurt am Main, is responsible for the processing of personal data on our website. Merkle Germany GmbH is a subsidiary of Merkle Switzerland AG located in St.Gallen. For other locations and branches please refer to

If you have questions which are not answered in this data protection declaration or if you want to exercise your legal rights, please contact our data protection team via email