Privacy Statement

Version 11 dated March 30, 2026

Introduction

This Privacy Statement is designed to help you understand what personal data Merlin collects, how we use this information, and what choices you have.

When we refer to “Merlin,” “we,” or “us” in this statement, we are referring to Merlin Software BV, located at Koraalrood 153, 2718 SB in Zoetermeer. When we refer to the “services” or “service provision” in this statement, we are referring to CrisisSuite, the Simulated Media Tool, and related services such as training courses. These services are provided solely on the basis of an agreement between a client organization and Merlin. It is not possible for individuals to use our services.

Our services are accessible via a web browser and/or through the mobile applications made available in the app stores for iOS and Android.

Security

The security of data entrusted to us by clients is a critical responsibility we uphold. We focus on the availability, integrity, and confidentiality of this data. We are committed to honoring the trust placed in us.

Merlin does not have a Data Protection Officer (DPO). For security and/or privacy-related notifications or inquiries, please email: security@merlincrisis.com

Data Processing for Our Services

Data processing under this heading is always carried out on behalf of the client organization. Under the GDPR, Merlin acts as a Processor, while the client organization remains the Controller. The personal data we process in this context is provided to us by the client organization.

Personal Data

During the provision of our services, personal data such as names, email addresses, and phone numbers are recorded. In some instances, residential addresses are also stored. Furthermore, when using our services, logging information is automatically generated, which includes details about the device used and the IP address.

This data is essential for the proper functioning of our services. Merlin utilizes this data solely for the execution of the agreement.

In CrisisSuite, users can choose to add their current location to, for example, a new action. Users must opt in to this feature and provide explicit consent. The GPS location is determined and stored only once. There is no location tracking.

You are not obligated to share your personal data with us. Your data will not be used by us for automated decision-making.

Data Transfer

Personal data processed in this context is transferred to our hosting providers. These providers are located in the Netherlands, and the servers used are also situated in the Netherlands.

Processing of Customer Data for Business Operations

The data processing described under this heading is carried out in the context of marketing and sales activities to acquire new customers, to support the administrative processing of concluded agreements, and to facilitate internal business processes, including human resources and organizational management. In this context, Merlin acts as the independent Data Controller.

Personal Data

During the execution of Merlin's business processes, personal data such as name, email address, and phone number are recorded. This data is necessary to maintain communication with existing and potential customers.

Merlin uses this data solely to provide its services or to support their proper processing. Depending on the purpose, this processing is based on consent, the performance of a contract, or a legitimate interest.

When visiting our website(s), cookies may be placed. We may use this information to identify visitors and to develop targeted marketing and sales activities. Cookies are only placed if you provide consent. For more information on the use of cookies, please refer to our Cookie Policy.

Data Transfer

Personal data processed in this context is transferred to tools we use for CRM, project management, internal communication, and administration. Some of these recipients are located outside the European Economic Area (EEA), specifically in the United States (U.S.).

When transferring personal data to recipients outside the EEA, we ensure that appropriate safeguards are in place in accordance with the GDPR. This means that:

  • recipients in the United States participate in the EU-US Data Privacy Framework (DPF), or
  • Standard Contractual Clauses (SCCs) approved by the European Commission are used.

If you, as a data subject, would like more information about the safeguards in place regarding international transfers of your personal data, please contact us at the email address provided in this statement.

Sharing and Disclosure

Merlin may share information in accordance with our agreement with the client and the client's instructions, including:

  • With service providers and third parties. We may engage third-party companies or personnel to process client data.
  • We may involve third-party companies or personnel, such as payment processors, to process information on our behalf.

Merlin may share or disclose client data and other information in the following situations:

  • To comply with legal requirements and to respond to legal requests, court orders, and legal processes.
  • To protect and defend the rights, property, or safety of ourselves or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.

Retention Periods

Data is retained on a secure server for the duration of the contract and for one year after its termination. Your contact person will be notified three months prior to the end of the data retention period that your data will be deleted. We offer the option to receive a backup of this data.

Information Requests and Right to Object

If you have any questions about this policy, please contact us at the email address provided in the introduction.

If you wish to exercise your rights regarding your personal data, you may submit a request to the Data Controller. If your data is stored in CrisisSuite or the Simulated Media Tool, the Data Controller is the organization that uses our services.

Under the GDPR, you have the following rights:

  • Right of access
    You have the right to know what personal data we process and to access that data.
  • Right to rectification
    You have the right to have inaccurate or incomplete personal data corrected.
  • Right to erasure (right to be forgotten)
    You may request that your personal data be erased, provided that we no longer need it or are legally required to retain it.
  • Right to restriction of processing
    You have the right to have the processing of your personal data temporarily restricted, for example if you dispute the accuracy of the data.
  • Right to data portability
    You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another party.
  • Right to object
    You have the right to object to the processing of your personal data, for example, when such processing is based on a legitimate interest.

If the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time.

In addition, you have the right to file a complaint with the supervisory authority at any time. In the Netherlands, this is the Dutch Data Protection Authority.

We may ask you to verify your identity before we process your request.

Amendments

We reserve the right to amend our privacy policy and this privacy statement at any time. However, the most recent version of our privacy statement will always be available on this page. We recommend that you regularly check this page for the latest version.