GDPR key points
GDPR is a new data privacy law. The European Parliament adopted the GDPR in April 2016; starting from May 25th, all companies dealing with personal and private data of EU citizens should be GDPR compliant. It carries provisions that require businesses to protect the data of EU citizens for transactions that occur within EU member states. Whether the company sells to businesses or consumers, and whether or not it has a physical presence in the EU, if it deals with EU resident data, the company must be GDPR compliant.
Personally identifiable information or PII
Under GDPR, companies are dealing with personally identifiable information (PII). There are three categories of PII: general personal data, sensitive personal data and criminal activity data. Most selling companies deal with general PII such as name and surname, address (which includes physical address or IP address), job and similar information. Companies require consent to gather and process general personal data; additional measures should be involved to gather and use sensitive personal data and criminal activity data.
Rights of the data subject
Under GDPR, data subjects—people whose data is held—have eight specific rights:
- Right to complaint
- Right to data portability (new)
- Right of access by the data subject
- Right to rectify or object to data
- Right to be forgotten or informed
- Right to oppose automated individual decision-making
- Right to a data protection officer (DPO) as safeguard (new)
- Right to restriction of processing
What personal information do we collect?
Merchant Research and Consulting, Ltd. collects personal information from you if you (or an organization for whom you work) purchase or use our services, request information, sign up to an e-newsletter, request customer support or correspond with us.
We collect and process the following personal information about you:
- Identity information: your first name, last name, username or similar identifier, company name, position.
- Contact information: billing address, delivery address, email address and telephone numbers, company website and fax.
- Financial and transaction information: payment related information, details about payments to and from you and other details of products and services you purchase from us.
- Technical information: internet protocol (IP) address, your login data, browser type and version, location, operating system and platform and device and cookie IDs on the devices you use to access this Website and our other web-based products.
- Profile information: your username and password, purchases or orders made by you or on behalf of an organization, your interests, preferences, feedback.
- Marketing and communications information, usage information: information about how you use our Website, products and services, your preferences in receiving marketing materials from us.
- Other information relating to you which you may provide to us, for example in the correspondence that you send to us.
We also collect personal information from third parties such as our partners and associates, and publicly available websites, to maintain the process of delivering market research products and services.
How is the information collected?
The information about you can be collected in the following ways:
Direct contact with you upon queries and sales, when you give us your contact details or payment details for preparing invoices, when you place an order online, or when you communicate with us by post, phone, email or in other ways. You provide us with this information with your consent; the following ways are also included:
- requesting marketing information to be sent to you
- providing us with some feedback on our products or services
- providing us with your contact details for us to help you in using our products
By providing this information, you get the opportunity to interact or communicate with us or our services.
Automated interactions with our Website, where we may automatically collect technical data about your browsing actions, equipment and patterns. This personal information can be collected by using cookies, server logs and other similar technologies.
Third party or publicly available sources, where personal information may be obtained from:
- Our commercial partners or other companies with which we may have a business or contractual relationship. Under the contract with your employer or organization we may be required to process your personal information in order to comply with our obligations under that contract or to exercise our rights under it.
- Providers of technical, payment and delivery services who host our data inside and outside of the EU.
- Survey and marketing companies based inside and outside the EU.
- Analytics providers, including those based outside the EU.
- Identity and contact data from publicly available resources.
How is collected information used?
Any personal data that you give us is secured properly. We use most of the personal data we collect to fulfill our services and to respond to queries. The collected data can also be used for promotional and marketing purposes, for improving and administering our Website and for improving clients’ experience.
We process personal information we have collected for the following purposes:
- To process transactions: we may use personal information when a user places an order so as to fulfill our services and provide relevant information about our other products. The information is shared with third parties only to the extent necessary to provide the service or with the permission of the user. You can change your preferences at any time by contacting us via our Website.
- To administer and improve the Website: we share content and promotions to inform about interesting material and collect information and feedback we receive from you.
- To research and improve user experience: in order to find out how users use our services and resources we may process information individually or in aggregate.
- To improve customer service: your information helps us to respond more effectively to your customer service requests and support needs.
- To organize correspondence: we use email addresses we receive from users to send them information and updates concerning their orders as well as to respond to their inquiries and requests or to provide up-to-date information about our other products.
How do we protect the information?
Merchant Research and Consulting, Ltd. uses appropriate technologies, policies, processes and procedures to protect personal information. We align our information security policies and procedures with internationally accepted standards and update those policies regularly to reflect changes in legislation and in business needs.
We provide security measures to protect against unauthorized access, alteration, disclosure or destruction of personal information (like username, password, transaction information and data stored on our Website).
Sensitive and private data exchange between the Website and its Users happens over an SSL-secured communication channel and is encrypted and protected with digital signatures. We apply measures to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data, and we place appropriate restrictions on access to personal information. We use contracts and security reviews to require our third-party vendors, service providers and their sub-contractors to protect any personal information shared with them in compliance with our security policies and procedures.
With whom do we share the information?
We do not sell, trade, or rent Users’ personal information unless we are given permission. We may use third party service providers to help us fulfill our business duties and operate the Website or administer activities on our behalf. Without consent we may share generic aggregated information on visitors and users with our business partners and advertisers for the purposes presented above; this information is not linked to any personal identification information.
How long do we keep the data?
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. When we no longer need your personal information, we delete or destroy it securely.
We will keep your personal data for a length of time determined by a number of factors, including the purpose for which we use that information and our obligations under other laws.
These 3 criteria determine the period of retention of your personal information:
- Queries. In the case of queries, the information from you will be retained, including the information given on behalf of an organization for whom you work.
- Legal and/or regulatory requirements. In the case of a legal or regulatory requirement, we will carefully consider whether your personal information needs to be retained after the period described above.
- Claims. We will retain certain of your personal information for the period in which you or a third party might bring claims against us.
You require us to retain your personal information for a period longer than our stated retention period;
You require the information to be erased (where it applies) and there is no necessity to hold it in connection with any of the reasons permitted or required under the law;
We bring or defend a legal claim or other proceedings during the period we retain your personal information, we will retain your personal information until those proceedings are concluded and no further appeals are possible; also in limited cases, when existing or future law or a court or regulator requires us to keep your personal information for a period different from the stated one.
Third party websites
Advertising or other content may be found on our Website that refers to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not have control over the content or links that appear on these sites and are not responsible for the practices employed by these websites. These sites and services may have their own privacy and customer service policies. Browsing and interaction on any other website, including websites which are linked to our Website, is subject to that website’s terms and policies. Moreover, the mentioned websites and resources may be constantly changing.
User’s right to opt out
If you prefer not to receive e-mail communications from us, please inform us by sending an e-mail to firstname.lastname@example.org. If you would like us to amend or suppress records containing your personal data, we will arrange it as soon as possible; however, you may still receive communications while we process your records.
Your acceptance of these terms
You confirm your acceptance of this policy by using this Website. Please cease using this Website if you do not agree to this policy. Your continued use of the Website following the posting of changes to this policy will be considered as acceptance of those changes.