Respect for privacy and personal data protection is part of Mer’s company culture. This enables us to maintain an environment where our customers, vendors and other stakeholders can trust Mer UK to process their personal data. As a customer, vendor or stakeholder, your privacy is important to us. We constantly strive to ensure compliance with all applicable data protection laws and regulations and our privacy and data protection policies.
This privacy statement explains how, why and for how long Mer UK processes your personal data.
THE PERSONAL DATA WE PROCESS
Mer UK collects personal data to operate effectively and provide you with the necessary services.
We process customer and vendor data, including:
- contact information of the relevant persons involved
- information relating to accounts
- spend thresholds, spending and spending patterns
- financial data – such as credit card number, bank account information, and credit check reports
- details on what you are empowered to do on behalf of the organisation you represent (customers and vendors)
- customer vehicle information (including model and license plate number)
WHY WE PROCESS YOUR PERSONAL DATA
Mer UK processes your personal data to provide or procure goods or services to or from you or your organisation
For example, we will process your personal data:
- to provide, manage and maintain our services
- to provide and deliver goods
- to ensure good communication lines with our vendors and customers
- to ensure the security and availability of our services
- to improve our services and communication channels
- for marketing and other customer relation and management purposes
- for contract management purposes
- for communication and social media purposes
- for audit, control and review purposes
- for emergency response purposes
- for due diligence purposes
- for procurement purposes
- for recruitment purposes
HOW WE COLLECT YOUR PERSONAL DATA
We collect your personal data from different sources. You provide some of this data directly through a customer or vendor relationship.
Other data is collected from your activities as a customer, vendor or other stakeholder. We also obtain data from other sources. Here are some situations where we process your personal data.
Information provided by you, such as:
- when you enter into contracts or agreements with us
- when you submit forms to us
- when you access our web pages or use our social media platforms
- when you establish a customer or vendor account with us
- when you send us emails or contact us through other means
Information we receive from your activities as a customer, vendor or other stakeholder, such as:
- your use of our devices, App and/or web portal or other services
- your use of our web pages
- when you order goods or services from us
- your device location data when consent is provided
Information gathered from third parties, such as:
- public authorities
- credit institutions
- other publicly available information
RETENTION OF YOUR PERSONAL DATA
Mer UK retains personal data for as long as necessary to fulfil the purposes for collection.
Your personal data will be stored and deleted in accordance with applicable laws.
REASONS WE SHARE YOUR PERSONAL DATA
We share your personal data with:
Other companies in the Statkraft group
Mer UK is part of the Statkraft group of companies. To the extent it is necessary for fulfilling any of the purposes above, your data is shared with other companies in the Stakraft group.
We use a number of vendors who provide services such as IT services and support, cloud services, installation services, payment services etc. We may allow such vendors to access/receive your personal data to the extent relevant to deliver these services.
We will ensure adequate data processing agreements with our supplier for the purpose of protecting your privacy. When processors outside of the EU/EEA are used, we will ensure that a legal basis for the transfer of personal data exists.
We will also disclose your personal data where required by law, by order or requirement of a court, administrative agency or government tribunal or in response to legal process.
HOW WE SECURE YOUR PERSONAL DATA
Mer UK is committed to protecting the security of your personal data.
- We manage information so it is accurate, readily available and handled in accordance with its sensitivity.
- We use a variety of security technologies and information security procedures to help protect your personal data from unauthorized access, use or disclosure.
- We limit access to your personal data to only personnel or third parties who are tasked with processing this data on Mer UK’s behalf. These parties are subject to strict requirements regarding confidentiality and Mer UK can implement disciplinary actions or terminate the agreements if these conditions are not met.
WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA
Mer UK Limited is the controller and is responsible for the main decision about the purposes and means of the processing of your personal data. Other Statkraft group companies are responsible for selected processing activities within their sphere of control.
LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
Mer UK processes personal data only if, and to the extent, that at least one of the following applies:
the data subject has given consent to the processing of his or her personal data for one or more specific purposes processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request steps of the data subject prior to entering a contract processing is necessary for compliance with a legal obligation to which the controller is subject processing is necessary in order to protect the vital interests of the data subject or of another natural person processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
At any time you have the right to ask us to:
- provide you with further details on how we use your personal data
- provide you with a copy of the information that you have provided to us
- update/correct your personal data
- provide information about the logic involved in the automatic processing of your personal data in the case of automated decision-making
- delete any personal information that we no longer have legal grounds to process
- provide you with your personal data in a structured, commonly used and machine-readable format or transmit the data to another controller
- stop particular processing where this is based on legitimate interests unless our reasons for processing the information outweigh any prejudice to your data protection rights
- restrict how we use your information whilst a complaint is under investigation
- lodge a complaint through the contact details in this privacy statement or to the relevant regulatory authority
HOW TO CONTACT US
If you have any requests, questions or complaints about how we process your personal data, please contact us at [email protected]
ABOUT THIS PRIVACY STATEMENT
This privacy statement is based on the transparency requirements in Regulation (EU) 2016/679 (General Data Protection Regulation). This privacy statement will be updated when necessary. Any changes will be published in this document.