Privacy Policy

1. Introduction
‍1.1 This Privacy Policy explains how Mercury (“Mercury”,“we”, “us”, “our”) collects, uses, and protects personal data.

1.2 This policy applies to:
(a) visitors to our website at wearemercury.com; and
(b) individuals and organisations who engage with our products and services.

1.3 We are committed to protecting personal data in accordance with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.

‍2. Data Controller
‍2.1 For the purposes of applicable data protection laws, Mercury acts as a data controller where we determine the purposes and means of processing personal data.
‍
2.2 Where we process personal data on behalf of customers, we act as a data processor in accordance with their instructions.
‍
‍3. Personal Data We Collect
3.1 Information you provide
‍We may collect personal data that you provide directly to us, including:
(a) name, job title, and company name;
(b) email address and telephone number;
(c) account or login information;
(d) information submitted through contact forms or support enquiries.

‍3.2 Information collected automatically
‍We may automatically collect certain information when you use our website, including:
(a) IP address;
(b) browser type and version;
(c) device and operating system;
(d) pages visited and time spent on the website;
(e) referral sources.

‍3.3 Information from third parties
‍We may receive personal data from third parties, including:
(a) business partners and service providers;
(b) publicly available sources;
(c) customers using our services.

‍4. Use of Personal Data
‍4.1 We process personal data for the following purposes:
(a) to provide and maintain our products and services;
(b) to respond to enquiries and provide support;
(c) to manage customer relationships;
(d) to improve our website and services;
(e) to communicate with you, including marketing (where permitted);
(f) to ensure security and prevent fraud;
(g) to comply with legal obligations.

‍5. Lawful Basis for Processing
‍5.1 We rely on the following lawful bases for processing personal data:
(a) performance of a contract;
(b) legitimate interests;
(c) consent (where required);
(d) compliance with legal obligations.

‍6. Disclosure of Personal Data
‍6.1 We may share personal data with:
(a) service providers and subcontractors;
(b) technology partners, including cloud platform providers;
(c) professional advisers;
(d) regulatory authorities where required by law.

6.2 We do not sell personal data to third parties.

‍7. International Transfers
‍7.1 Personal data may be transferred outside the United Kingdom.
7.2 Where this occurs, we ensure appropriate safeguards are in place, including the use of standard contractual clauses or other approved mechanisms.

‍8. Data Retention
‍8.1 We retain personal data only for as long as necessary to fulfil the purposes for which it was collected.
8.2 We may retain data for longer where required to comply with legal or regulatory obligations.

‍9. Data Subject Rights
‍9.1 Individuals have the following rights under applicable data protection laws:
(a) the right to access personal data;
(b) the right to rectify inaccurate data;
(c) the right to request erasure;
(d) the right to restrict or object to processing;
(e) the right to data portability;
(f) the right to withdraw consent where applicable.

9.2 Requests relating to these rights should be submitted using the contact details set out below.

9.3 You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

‍10. Security
‍10.1 We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse.

‍11. Third Party Links
‍11.1 Our website may contain links to third-party websites.
11.2 We are not responsible for the privacy practices of such websites.

‍12. Changes to This Policy
‍12.1 We may update this Privacy Policy from time to time.
12.2 Any updates will be published on this page.

‍13. Contact
‍13.1 If you have any questions about this Privacy Policy or our use of personal data, please contact:
Email: DPO@wearemercury.com
Website: wearemercury.com

‍14. Data Processing
‍14.1 Where Mercury processes personal data on behalf of a customer, such processing is governed by the applicable agreement between Mercury and the customer, including any data processing terms.