About Us
This privacy statement is intended to help you understand what personal data Merlin collects, how we use this information, and what choices you have.
When we refer to “Merlin,” “we,” or “us” in this statement, we are referring to Merlin Software BV, located at Koraalrood 153, 2718 SB in Zoetermeer. When we refer to the “services” or “service provision” in this statement, we are referring to CrisisSuite, the Simulated Media Tool, and related services such as training courses. These services are provided solely on the basis of an agreement between a client organization and Merlin. It is not possible for individuals to use our services.
Our services are available via a web browser and/or through the mobile apps available in the iOS and Android app stores.
We take the security of the data entrusted to us by our customers very seriously. In doing so, we focus on the availability, integrity, and confidentiality of that data. We work hard to live up to the trust placed in us.
Merlin does not have a Data Protection Officer (DPO). For security and/or privacy-related reports or questions, please email: security@merlincrisis.com
Data processing under this heading is always carried out on behalf of the client organization. Under the GDPR, Merlin acts as a Processor, while the client organization remains the Controller.
As part of our services, we collect personal data such as names, email addresses, and phone numbers. In some cases, we also store residential addresses. In addition, when you use our services, we automatically generate log files that contain information about the device used and the IP address.
This information is necessary for our services to function properly. Merlin uses this information solely for the purpose of fulfilling the agreement.
In the CrisisSuite App, users can choose to add their current location to, for example, a new action. Users must opt in to this feature and provide explicit consent. The GPS location is determined and stored only once. There is no location tracking.
As far as we are concerned, you are not required to share your personal data with us. We do not use your data for automated decision-making.
Personal data processed in this context is transferred to our hosting providers. These providers are located in the Netherlands. The servers used are also located in the Netherlands.
The data processing described under this heading is carried out in connection with marketing and sales activities for the purpose of acquiring new customers and supporting the administrative processing of a concluded agreement. In this context, Merlin acts as the sole Data Controller.
In the course of Merlin’s business operations, personal data such as names, email addresses, and phone numbers are collected. This information is necessary to maintain contact with (potential) customers.
Merlin uses this data solely to provide its services or to support their proper processing. This is done with the data subject’s consent and/or is necessary for the performance of the agreement.
Cookies may be placed on your device when you visit our website(s). We may use this information to identify visitors and carry out targeted marketing and sales activities. Cookies are only placed if you give your consent. For more information about the use of cookies, please see our Cookie Policy.
Personal data processed in this context is transferred to tools we use for CRM, project management, internal communication, and administration. Some of these recipients are located outside the EEA, specifically in the United States (U.S.).
All recipients in the U.S. are part of the Data Privacy Framework.
Merlin may share information in accordance with our agreement with the customer and the customer’s instructions, including:
Merlin may share or disclose customer data and other information in the following situations:
Data will be stored on a secure server for the duration of the contract and for one year after the contract ends. Your contact person will be notified three months before the end of the data retention period that your data will be deleted. We offer the option to receive a backup of this data.
If you have any questions about this policy, please contact us at the email address provided in the introduction. If you wish to request access to, correction of, or deletion of your data, you must submit your request to the data controller. With regard to your data in CrisisSuite or the Simulated Media Tool, this is the party to whom we provide our services.
Please note that if you have explicitly consented to the processing of your data, you may withdraw that consent at any time.
In addition, you have the right to file a complaint with the supervisory authority at any time. In the Netherlands, this is the Dutch Data Protection Authority.
We reserve the right to change our privacy policy and this privacy statement at any time. However, you will always find the most recent version of our privacy statement on this page. We recommend that you check this page regularly for the latest version.
