This privacy notice does not cover the activities Merkle undertakes on behalf of its clients and in which it acts as a data processor. Should you wish to enquire about the data processing we undertake for any of our clients, or wish to assert your data protection rights regarding that processing, please contact the relevant client directly.
01 | Scope of this privacy notice
This notice outlines how and why Merkle UK One Limited and other members of the Merkle group of companies (“Merkle”, “us”, “our” or “we”) use the personal data collected about you when you:
- visit the website https://www.merkle.com and those of our various brands, or
- otherwise interact with Merkle (for instance when enquiring about Merkle’s services via means other than its website or engaging with Merkle staff at events).
What this privacy notice doesn't cover:
This privacy notice does not cover any data processing carried out by Merkle in connection with employment by, or the supply of contracted services to, Merkle or its subsidiaries. Please contact your local Human Resources Office or the Data Protection Officer (if no longer in employment with Merkle) for assistance in these matters.
This privacy notice does not cover any website operated by a third party which Merkle may link to from its own websites. Please review the privacy notices and cookie policies associated with those websites for details of how they may process your data.
02 | Contacting the Merkle Data Protection Officer
You can contact the Merkle Data Protection Officer by post at:
Data Protection Officer
Merkle
10 Triton Street
Regents Place
London
NW1 3BF
Or by email at: dpouk@merkleinc.com
Or by telephone at: (+44) (0) 330 060 6065
If you have a specific query about exercising your rights under the GDPR, you can find more information in the Your Rights Over Your Personal Information section below.
03 | What information do we collect?
The type of information we collect will depend on the circumstances and the service you are using. Generally speaking, we will collect information relating to you and/or your use of our services in the following ways:
When you visit our websites and you consent to our website setting cookies on your browser, the data that’s collected via those cookies
- We collect information about how you use our website. This includes information relating to the pages you visit on our website, the services or information your search for and the links and content you choose to access. We may also use the personal information you provide through your use of our website to provide you with relevant content and to inform our marketing strategy. This type of activity is known as “profiling” – using automated means to process your personal data to analyse or predict your personal preferences, interest or behaviours. You can object to profiling (see section 9 of this Notice, below)
- Your IP address
- Details of your operating system and browser
- The page that referred you to our site
- The pages you visit within our site
- How you navigate around, click on and otherwise interact with our website pages
- Use of search boxes
- Videos you may watch within our site
- The ID and data within any cookies you have agreed to us placing
- We may infer a company name associated with your IP address
- We may infer a location associated with your IP address
- The date and time of your actions
- Information captured through online data capture forms that appear on our website
When you fill in Merkle data capture forms (including surveys) or enquire about Merkle services either online, on the telephone, or in person at events or when visiting our facilities:
- Your name, job title and role
- Contact information including address, email address and telephone number
- Your communication and marketing preferences
- Your attendance at events, either online or offline
- Details of the organisation you represent
- Any interests you express in our services
- Other information you volunteer relevant to your enquiry
- Other information volunteered by you in response to a survey
- The date and time of your actions
- Our contact history with you
- Your interactions with emails or other electronic messages we send you. For example, when you open or click on an email, which may include use of technology called pixels
- Your responses or replies to any marketing we send you
- The date and time of your actions
- Your name
- Contact information such as address, email address and telephone numbers
- Identify verification information such as copies of utilities bills, passports or driving licenses
- Whether you have ever been an employee of or contractor or supplier to Merkle
- Further details relating to the right you are wishing to assert
- The date and time of your request and its management
We do not actively seek to collect information about children aged 16 or under. If you have any concerns about your child’s privacy in relation to our services, or if you believe that your child may have entered personal data onto our website, please contact us at dpouk@merkleinc.com. We will delete such information from our records within a reasonable time.
For further information on your rights under the General Data Protection Regulation and the UK Data Protection Act 2018 please see the “Your Rights” section below.
04 | How we use your information
TIn the table below we set out further information about the purposes for which we use your personal data and the legal basis we rely on for its use. Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
How We Use Your Data:
To monitor website performance to support its secure and effective operation
When:
When you visit our websites
Lawful Basis:
Legitimate Interest
How We Use Your Data:
To help serve you with content likely to be of interest to you
When:
When you visit our websites
Lawful Basis:
Consent
How We Use Your Data:
Remarketing (showing our ads on third-party websites) and other forms of interest-based advertising
When:
When you visit third-party websites
Lawful Basis:
Consent
How We Use Your Data:
Google Display Network Impression Reporting
When:
When you visit our websites
Lawful Basis:
Consent
How We Use Your Data:
To deal with enquiries you have made - including sales and marketing support
When:
When you visit our websites
Lawful Basis:
Legitimate Interest
How We Use Your Data:
To market our services to you
When:
If you haven’t told us you don’t wish to receive marketing – and we collected your data in connection with an enquiry about or negotiation for our services - we may send you marketing messages about those services.
Lawful Basis:
Legitimate Interest
How We Use Your Data:
To supply you with requested license documentation
When:
Posting or other supply of license information relating to products you have purchased from us
Lawful Basis:
Contractual Necessity
How We Use Your Data:
To understand your view of our services and performance
When:
When you complete customer surveys
Lawful Basis:
Consent
How We Use Your Data:
To assess, respond to and honour data protection rights requests you have made
When:
When you assert your rights under data protection law
Lawful Basis:
Legal Obligation
How We Use Your Data:
To respond to authorities requiring us to supply or process data
When:
When obligated by a regulatory authority to supply or otherwise process your data
Lawful Basis:
Legal Obligation
How We Use Your Data:
Transfer or access during system maintenance
When:
From time to time your data may be accessed by our support and maintenance staff, possibly outside of the EU, to support and maintain our systems and services to you and our clients
Lawful Basis:
Legitimate Interest
Learn More About Lawful Bases for Processing Under the GDPR
- A controller must have a valid lawful basis to process personal data. Without one the processing they are undertaking would be illegal.
- There are six available lawful bases for processing. No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual.
- Most lawful bases require that processing is ‘necessary’. If a controller can reasonably achieve the same purpose without the processing, they won’t have a lawful basis.
- A controller must determine and document the lawful basis before they begin processing – which is why we have listed them above.
You can learn more about lawful bases for processing here.
You can set your cookie preferences by providing or withdrawing your consent by using our cookie tool.
You can opt out of remarketing operated by many advertising businesses, and made use of by Merkle from time to time, by visiting http://www.youronlinechoices.com/ and http://www.aboutads.info/choices/.
You can opt out of Google Analytics for Display Advertising and customize Google Display Network ads using Google's Ad Settings page.
You can opt out of Google Analytics using this browser add-on
For more advice on your cookie control options please see the cookie specific information below.
For more information on exercising your rights over your personal information see the section below.
Merkle does not use automated decision making or profiling which produce legal effects or significantly affect you in any of the processing detailed above.
You can object to and opt out of our profiling (see Your Rights Over Your Information below).
05 | How long do we keep your personal information?
Merkle keeps personal information only for as long as we need it for our legitimate business purposes or to provide you with the services you have requested.
We may also be obliged to retain your information for legal reasons such as when asserting our rights or assisting you with the exercise of your rights.
06 | Who your personal information may be shared with
We will not disclose your personal information to any other party other than in accordance with this Privacy Notice, related privacy notices, or in the circumstances detailed below:
We use a number of third parties to perform business functions on our behalf, such as sending our newsletters, performing sales and marketing activities and hosting our online services and customer relationship management. We will only disclose the information necessary to enable these third parties to perform their services. Our service providers are contracted to comply with our instructions, protect the information and not to retain, use, or disclose the information for their own business purposes.
We do not sell or rent any personal data about you to any third party.
We may share your information with organisations involved with the provision, management or otherwise direct engagement of events, webinars or other such Merkle hosted functions which you have registered for or have expressed an interest in.
If we sell any or all of our business we may disclose your information to the buyer.
Various public bodies, authorities and courts can require us to disclose personal data to them. Where we are legally required by common or statute law to disclose your personal information we will do so.
The UK ICO’s guidance on legal obligations to disclose data is available here.
07 | Where and when we send personal information abroad
Merkle sometimes transfers personal information outside of the UK or the EEA, to its affiliates in the USA and China (and occasionally to other countries), for the purposes listed above. We may also transfer personal information to countries from where our partners, service providers or clients are located.
When we make any of these transfers, we take appropriate steps to ensure EU data protection law is complied with. These steps might include, for example, transferring the information to someone in a country which the European Commission or the Information Commissioner’s Office has approved as providing adequate protection for personal information, or to someone who has signed standard contractual clauses approved by the European Commission or the Information Commissioner’s Office. Merkle's intra-group agreement includes these standard contractual clauses, to cover transfers to our non-European affiliates.
08 | Your rights over your personal information
We realise that you may not want us to use your information. Our business depends on consumer information and trust, so we are very clear that you have choice and control: you decide what information about you, if any, you are willing for us to keep and use, and for what purposes. For example, you may be happy for us to use your information for marketing but not for profiling, or you might be willing for us to perform profiling but you don't want any of our clients to use your information for their marketing or advertising. You have rights (with some exceptions and restrictions) to:
- Object to receiving marketing and any associated profiling
- Access your personal information, i.e. find out exactly what information we hold about you
- Request personal information you have provided to us in a format which you or another organisation can use
- Request restriction of processing of your personal information
- Request correction or updating of any of your personal information that is inaccurate or request that incomplete personal information is completed
- Request erasure of your personal information
- Object to processing of your personal information that we undertake using the legitimate interest lawful basis
- Complain to your local data protection authority about our collection or use of your personal information. A listing of European National Data Protection Authorities is available here.
Exercising Your Data Protection Rights with Merkle
If you want to exercise any of your rights in connection to data processed under this privacy notice you can contact the Data Protection Officer at the contact details above.
All requests must be accompanied by:
- full name (and any prior names that you may have used in the relevant period)
- home address and relevant previous addresses
- email addresses, which we collectively refer to as "identity information" in the Types of Requests sections of this notice
- if you are a current or previous employee of Merkle
- whether you prefer us to communicate with you by mail or email in response to your request.
We shall require proof of your identity to protect your privacy and ensure that we are responding to your request in line with your actual instructions. We shall ask you to send this in a secure manner.
Please note that once we have verified your identity and address, we will destroy the identification document copies you have sent us.
Object to marketing and / or associated profiling
What we need:
- Identity information
- Proof of identity
- Whether you would prefer not to be profiled for marketing purposes
- Which marketing channels you want to opt out from, or all
What you can expect:
Confirmation email/letter that it has been actioned
How long we aim for it to take (once we have verified your identity)?
Max 7 days
Access your information
What we need:
- Identity information
- Proof of identity
- The information that you require and any parameters with regard to that information
What you can expect:
- Details of what information Merkle holds on you
- Why we’re using your information
- Categories of information being used
- Who we’ve shared the information with
- How long we’re keeping your information
- Whether you have been subject to automated decision making
- Which businesses provided us with your information
How long we aim for it to take (once we have verified your identity)?
Max 1 month
Request a portable copy of relevant data.
What we need:
- Identity information
- Proof of identity
- The personal data that you require
What you can expect:
A copy of your personal data as you requested
How long we aim for it to take (once we have verified your identity)?
Max 1 month
Stop or restrict use of your information
What we need:
- Identity information
- Proof of identity
- Details of the basis on which the restriction request is being made (for example: you contest the accuracy of the personal data that we hold about you).
What you can expect:
If the restriction request is not contested by us, you will receive a confirmation email/letter acknowledging that the restriction has been actioned.
How long we aim for it to take (once we have verified your identity)?
Max 7 days
Request correction or the updating of your personal information or requesting that incomplete personal data is completed
What we need:
- Identity information
- Proof of identity
- The personal data that needs to be updated, or supplementary statement where incomplete personal data is to be completed.
What you can expect:
Confirmation email/letter that it has been actioned
How long we aim for it to take (once we have verified your identity)?
Max 1 month
Object to Merkle's processing of your personal information under the legitimate interest lawful basis
What we need:
- Identity information (e.g. addresses)
- Proof of identity
- The processing you are objecting to
- If possible, why you believe we do not have a legitimate interest in the processing or why such processing overrides your fundamental rights and freedoms
What you can expect:
Confirmation email/letter stating whether we have upheld your objection and actioned your request
How long we aim for it to take (once we have verified your identity)?
Max 7 days
Erase some, or all of, your information
What we need:
- Identity information (e.g. addresses)
- Proof of identity
- Which parts of your personal information you request to be deleted
What you can expect:
Confirmation email/letter detailing Merkle's actions in relation to your request
How long we aim for it to take (once we have verified your identity)?
Max 7 days
Opting Out of Direct Mail and Telemarketing
Responsible marketing companies respect your choice to not receive direct mail advertising or telemarketing.
Merkle uses the various direct mail and telephone suppression services available in the territories its clients operate in. These lists will reduce the volume of marketing you receive from companies with which you do not have an existing relationship (but not from companies that you have given permission to contact you).
Merkle uses Direct Marketing Association (DMA) resources to suppress the names and addresses of individuals who have notified the DMA that they do not want to receive advertising by mail.
If you are in the UK you can register with the UK Mail Suppression Service and the Telephone Preference Service to be added to their listings.
Please contact your local marketing suppression services provider to be added to their listings. If you are elsewhere in the EU, your local Data Protection Authority will be able to help you contact suppression services operating in your country.
09 | How we keep your personal information safe
Merkle's safeguards include robust systems and processes designed to ensure that we collect only the minimum necessary personal information, and that only Merkle staff who need to view your personal information can see it. We carry out checks to make sure we adhere to restrictions on our use of the information (such as where you have not agreed to receive marketing).
We have implemented policies, processes and systems to help keep your information is secure, including encryption of your information in storage and while being sent, whether to us or by us. The Merkle Global Information Security Program is based on the ISO27001/2:2013 standards, the ISC2 CISSP Ten Domains, SANS, and industry and internal Merkle best practices. We periodically monitor and improve standards and regularly test our security measures. We also maintain an incident response plan for dealing with any incident or breach whereby your information may be put at risk or compromised, including measures for logging and audit trails, incident detection and security incident information gathering and reporting.
Merkle also requires its service providers to implement appropriate security measures to safeguard your information and to notify us of any incidents affecting your information.
10 | Cookies
A cookie is a small file which may be downloaded to and stored on your computer, phone, tablet or other device when you visit a website. More general information about cookies is available here.
Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by being able to remember your choices and preferences.
We use traffic log cookies to identify which pages on our websites are being visited. This helps us analyse data about web page traffic and improve our website’s reliability and to tailor it to customer needs.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you on your computer, other than the data you choose to share with us.
Site specific cookie information and help in understanding, making choices about and managing cookies can be found within our cookie notice.