MMT Applications Privacy Policy

1. On behalf of our Customer and for purposes defined by our Customer (the legal person who authorized you to use the Mercury Media Technology Applications;
2. On our own behalf and for our own purposes;

and how this data is processed by Mercury Media Technology as a Data Processor (A) or as a Data Controller (B).

Names and contact details of the responsible entity and, where applicable, its representative:

Mercury Media Technology GmbH & Co. KG
Klostertor 1
20097 Hamburg / Germany
hello@mercurymediatechnology.com

For any additional information with regards to Mercury Media Technology’s privacy practices in general, please visit our Privacy Policy on our Website.

We process your Personal Data in compliance with the EU General Data Protection Regulation ("GDPR") and Applicable Data Protection Legislation. Unless otherwise defined in this Policy, the terms used herein shall have the same meaning as defined in the GDPR.

A. PROCESSING ON BEHALF OF OUR CUSTOMER (Mercury Media Technology is your Data Processor)

This section A of the Policy explains which Personal Data we collect about you on behalf of our Customer (in this section A, “the Data Controller”, the legal person who authorized you to use the Mercury Media Technology Applications) in order to enable your log-in into the Mercury Media Technology Applications.

A Data Processing Agreement has been entered between Mercury Media Technology and the Data Controller in order to set out the rules and responsibilities governing the processing of your Personal Data by us. This Section A of the Notice intends to support the Data Controller in complying with their obligation of information towards you under GDPR but does not intend to shift the burden of this obligation of information on Mercury Media Technology.

This Section A of the Policy covers the processing of your Personal Data within the Mercury Media Technology Applications on behalf of the Data Controller and explains how we process your Personal Data in that context. For any information with regards to the Data Controller’s privacy practices, please refer to the Data Controller.

1. What Personal Data we collect and for what Purpose

We process Personal Data which are disclosed to us directly by you or by the Data Controller:

• Professional Email address;
• Name (on a voluntary basis);
• Timestamps;
• IP-Address.

This Personal Data is necessary in order to enable you to log in to the Mercury Media Technology Applications and therefore to fulfill our contractual obligations towards the Data Controller who purchased our services (Art 6 (1) b GDPR – performance of (pre-)contractual duties).

The above Personal Data is processed by default. If the Data Controller intends to process other categories of your Personal Data with the Mercury Media Technology Applications, it is their responsibility to inform you about such processing. For more details on the Data Controllers’ processing operations and purposes, please refer directly to them. Some of the data we request in connection with the above services are mandatory in order to enable your access to the Mercury Media Technology Applications. Without them, we may not be able to provide you access to our Applications.

2. How long we keep your Personal Data

As a Data Processor, we follow the instructions of the Data Controller with regards to the storage of your Personal Data. As the data is stored only to enable the Log-In process, the Data Controller will instruct us to delete such data as soon as your access to the Mercury Media Technology Applications is ended.

Beyond this period we keep your Personal Data for the Data Controller to comply with statutory retention obligations.

3. With whom do we share the Personal Data

We may share your Personal Data only in accordance with the Data Processing Agreement with the following recipients:

• Amazon Web Services legal entity contracting with German legal entities; Hetzner (Hetzner Online GmbH, Industriestr. 25, 91710, Gunzenhausen, Deutschland) for hosting purposes;
  
• Google Cloud for use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
  
• where disclosure is required (i) by law or regulation or (ii) to establish, exercise or defend legal claims, we may also disclose Personal Data to a competent authority, such as supervisory, regulatory or criminal authorities, courts of law or other third parties who advise us in this context (e.g. lawyers or forensics experts).

Some of these recipients may be located in countries outside the EU/EEA for which an adequate level of data protection has not yet been established by the EU Commission. It should be noted that the level of data protection in such countries may not be the same as within the EU/EEA. Also, subject to local laws and regulations data may be accessible to local authorities or courts.

Please note that such transfers to recipients located outside the EU/EEA are only undertaken where the Data Controller gave us their prior approval in writing for such transfers.

Where Personal Data is transferred to such third countries, we implement appropriate safeguards to ensure that your rights are protected in accordance with the GDPR. This includes the conclusion of the EU Commission's standard contractual clauses for the transfer of Personal Data (Art 46 (2) c GDPR) as well as appropriate supplementary measures. 

B. PROCESSING ON OUR OWN BEHALF (Mercury Media Technology is the Data Controller)

This Section B of the Policy explains which Personal Data we collect about you on our own behalf when you use the Mercury Media Technology Applications and how this data is processed by Mercury Media Technology GmbH & Co. KG as the Data Controller ("Mercury Media Technology" or "we").

This Section B of the Policy covers the processing of your Personal Data within the Mercury Media Technology Applications and explains how we process your Personal Data on our own behalf and for our own purposes in that context.

1. What Personal Data we collect and for what Purpose

When you use the Mercury Media Technology Applications we may process Personal Data which you voluntarily provide to us (e.g. by means of a support request, during a research study). However, you can also use the Mercury Media Technology Applications without actively providing us with information about you. In this case we collect certain data that your browser transmits to our website server.

The following explanations shall serve to inform you about the different ways we may collect Personal Data about you on the Mercury Media Technology Applications and for what lawful purposes we may use them.

When you use the Mercury Media Technology Applications, we may process the following Personal Data about you for the following purposes and based on the following legal grounds:

• User-ID, IP-address and login information for the purpose of providing you with our in-app “guided tours” (Art 6 (1) b GDPR – performance of (pre-)contractual duties);
• Your first and last name, email-address, telephone number, communications (telephone recordings, voicemail) for the purpose of processing your support requests (Art 6 (1) b GDPR – performance of (pre-)contractual duties);
• Your first and last name, email-address, telephone number, title for the purpose of offering you additional services (Art. 6 (1) f GDPR – legitimate interest of Mercury Media Technology GmbH & Co. KG or sending you our newsletter (Art 6 (1) a GDPR - consent);
• Browser information and tags in order to help us better understand your needs when using the Mercury Media Technology Applications (Art. 6 (1) f GDPR – legitimate interest of Mercury Media Technology GmbH & Co. KG);
• Your contact information, demographic profile, audiovisual recordings and additional information you chose to share to us during research studies or through feedback and in-platform surveys (Art. 6 (1) f GDPR – legitimate interest of Mercury Media Technology GmbH & Co. KG).

Some of the data we request in connection with the above services are mandatory in order to enable your use of the Mercury Media Technology Applications. Without them, we may not be able to provide you with our Applications.

2. How long we keep your Personal Data

We generally retain your Personal Data for as long as this is necessary for the fulfillment of the purpose for which they were obtained. Thus, in any case we process your Personal Data for the duration of our service relationship with you. Beyond this period we keep your Personal Data to comply with any applicable statutory retention obligations). Where necessary we may also keep your data for as long as potential legal claims against us are not yet time-barred. As soon as there are no legitimate grounds for the further storage of Personal Data available, they will either be deleted or anonymized.

3. With whom do we share the Personal Data

For our own purposes mentioned above, we may share your Personal Data with the following recipients:

• Our employees and Affiliate companies (Mercury Media Technology GmbH & Co. KG, a German company whos registered business address is Klostertor 1, 20097 Hamburg) who may access your data where necessary in order to achieve the purpose of the processing and to support our internal business operations;
• PandaDoc (PandaDoc, Inc. 3739 Balboa Street, Suite #1083, San Francisco, CA 94121, USA), which we use to write, send and store contracts with our customers;
• Chimpify (Chimpify UG (haftungsbeschränkt), Schillerstr. 76, 27570 Bremerhaven) host our website and enable us to send newsletters;
• Freshdesk (Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA), is our customer support tool, enable us to answer tickets from our customers;
• Slack (Slack Technologies Limited, Salesforce Tower, 60 R801, North Dock, Dublin, Irland) is our internal communication tool;
• NO DIRTY TALK (NO DIRTY TALK GmbH, Kaiser-Wilhelm-Str. 89, 20355 Hamburg) is our Sales Agency;
• Grammarly (Grammarly Inc., 548 Market Street, 35410 San Francisco, CA 94104, USA), which helps our customer support with writing feedback suggestions and/or corrections of email drafts;
• HubSpot (HubSpot Germany GmbH Postbahnhof 17 10243 Berlin, Germany) our customer relationship management (CRM) tool enable us to send you our newsletter and to understand your needs in order to offer you additional services;
• Sentry (Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105) for the use of software error tracking;
  
• where disclosure is required (i) by law or regulation or (ii) to establish, exercise or defend legal claims, we may also disclose Personal Data to a competent authority, such as supervisory, regulatory or criminal authorities, courts of law or other third parties who advise us in this context (e.g. lawyers or forensics experts).

Some of these recipients may be located in countries outside the EU/EEA for which an adequate level of data protection has not yet been established by the EU Commission. It should be noted that the level of data protection in such countries may not be the same as within the EU/EEA. Also, subject to local laws and regulations data may be accessible to local authorities or courts.

However, where Personal Data is transferred to such third countries, we implement appropriate safeguards to ensure that your rights are protected in accordance with the GDPR. This includes the conclusion of the EU Commission's standard contractual clauses for the transfer of Personal Data (Art 46 (2) c GDPR) as well as appropriate supplementary measures. Further details on the implemented safeguards as well as copies of the respective agreements are available at dpo@adverity.com.

_________

The following applies whether Mercury Media Technology is acting as a Data Processor (Section A) or if Mercury Media Technology is acting as a Data Controller (Section B).

Your Rights

In accordance with Applicable Law (in particular Art 15 et seq. GDPR), you have the right to access your Personal Data, to request deletion or correction of your Personal Data, to object to the processing of your Personal Data, to request restriction of processing of your Personal Data as well as the right to data portability.

To exercise these rights send an email to hello@mercurymediatechnology.com or a letter to Mercury Media Technology GmbH & Co. KG, Klostertor 1, 20097 Hamburg / Germany or contact directly the Data Controller if Mercury Media Technology does not act as a Data Controller. If you feel that your rights have been violated, you may also file a complaint with the competent data protection authority (in Germany: German Data Protection Authority - Datenschutzbehörde).

We do not process your Personal Data for the purpose of taking decisions based solely on automated processing, including profiling, which produces legal effects concerning you (Art 22 GDPR).

Updates to this Policy

We may update this Policy to reflect legal, technical or business changes. When we update this Policy, we will take reasonable steps to inform you about the changes made. You will find the date of the "last update" at the end of this Policy.

Contact Details 

Should you have any requests or questions in relation to the processing of your Personal Data by us, kindly address them to our Data Protection Officer Tobias Irmer by sending an e-mail to hello@mercurymediatechnology.com.

Last updated: April 27, 2023