- collects and creates Personal Data
- categorizes the Personal Data that it processes
- discloses Personal Data
- transfers Personal Data internationally
- applies security measures to protect Personal Data
- the lawful basis for Mercuria processing Personal Data
- the purpose of such processing
- Mercuria`s principles of data accuracy, data retention and data minimization
- The rights of data subjects; and
- Contact details for enquiries and the exercise of data protection rights.
In relation to the business that you do with Mercuria and in accordance with our obligations under GDPR, we hereby notify you that Mercuria, acting as a data controller, may process information about you, your directors, officers and employees, and affiliates and agents, which may constitute personal data under the GDPR and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“Personal Data”).
Mercuria is committed to protecting personal information and therefore all personal data is collected, processed, stored and shared in compliance with this policy.
“Personal Information” means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier.
“Sensitive Personal Data” means personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data concerning a natural person’s sex life or sexual orientation.
What personal information do we collect about you and why?
We may collect and generate information about you including your name, contact details and date of birth.
We process your personal information to fulfil our contractual obligations with you and to be able to conduct various business activities with you. We also process your personal data to comply with all relevant international laws, to conduct due diligence to ensure we perform our business activities in an appropriate and ethical manner and to meet the requirements put on us by a number of third party stakeholders. Additionally, we may use your information to comply with legal, regulatory and other requirements necessary to operate our business, including for internal purposes such as audit, data analysis, statistical and research purposes and troubleshooting and to monitor activities as permitted and/or required by local law and/or regulation
When We Disclose Your Information
We do not share your information with non-affiliated entities for marketing purposes. We do, however, share your information as follows:
- With Our Affiliates. As permitted by law we may share your information with our affiliated entities. These entities may market their business, products and services to you, and their use of your personal information will be governed by this policy.
- Partners and Financiers. We may provide your information to carefully screened entities that work on our behalf and with us in our business activities. Only trusted companies who require the use of your information for business purposes are given access to it.
- Service Providers. We may share your information with other third party service providers in order to enable them to assist us in conducting our business with you. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to other people, we will ensure that they have appropriate security standards in place to protect your personal data. When contracting with such third party Service Providers, we will enter into a written contract imposing appropriate security standards on them, particularly with respect to managing your personal data.
The types of third parties we may share your information with include:
- consultants and professional advisors including legal advisors and accountants;
- banks and payment processors in relation to business you conduct with us;
- IT support, website and data hosting providers and administrators;
- analytics and search engine providers;
- courts, court-appointed persons/entities, receivers and liquidators;
- business partners and joint ventures;
- insurers; and
- governmental departments, statutory and regulatory bodies.
In the following circumstances we may also share your information:
- Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, if we sell or re-organise some or all of our business or as part of a bankruptcy proceeding, we may transfer the information we collected from you to the reorganized or other company. We may also transfer our rights under any customer agreement we have with you.
- To Protect Us and Others. We may also disclose the information that we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of an agreement or this policy, or as evidence in litigation in which we are involved.
- In Response To Legal Process. We may also disclose the information that we collected from you in order to comply with the law, a judicial proceeding, court order or other legal or regulatory processes, such as in response to a court order or a subpoena.
- Aggregate and Anonymous Information. We may share aggregate or anonymous information about users with third parties for research or similar purposes.
- Legal Purposes. To enforce our Terms and Conditions; for example to protect the security of our services, as required by law or when we believe that disclosure is necessary to protects our rights.
Information Sharing Within the Mercuria Group
As a Global company, Mercuria has affiliates and group companies around the world and we may need to share your information with them. Circumstances under which we may share your personal information in this way include:
- where support and functions are provided by other group companies, such as in relation to our website hosting and operation, IT systems and support and maintenance;
- to meet our customer needs by providing services across offices/locations;
- for authorisations /approvals with relevant decision makers;
- for reporting purposes and/or
- where systems and services are provided on a shared basis, such as compliance and for the arrangement of visas.
Access rights between members of the Mercuria Group are limited and are granted only on a need-to-know basis, depending on job functions and roles.
Where any Mercuria Group company processes your personal data on our behalf (as our processor), we will make sure that each company that is a part of the Mercuria Group has appropriate security standards in place to protect your personal data. In addition, we will enter into a written contract imposing appropriate security standards on them.
Legal basis for processing
We have legal basis to collect, use and share your information. We will only collect and process information when we have legal basis to do so. Legal basis includes consent (where you have given consent), contract (where processing is necessary to fulfil contractual obligations (e.g. to provide you with the services you have purchased) and legitimate interest.
If you have any questions about the legal basis we use to process your information, please contact us at: email@example.com.
We retain your information while you use our services, after you use our services and / or as needed to conduct our business and to meet regulatory, legal and accounting requirements. This includes data you or others provide to us and data generated or inferred from our business with you.
Mercuria takes security of all data, especially your personal information, seriously. We have done our best to protect your information from any unauthorized access or loss by implementing security features and procedures. You should, however, be aware that the transmission of information via the internet is never completely secure. You should also take necessary steps to protect against unauthorized access to your passwords, phone and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess and keeping your log-in and passwords private. We are not responsible for any lost, stolen or compromised passwords or for any activity conducted via unauthorized password activity.
Transfers To Countries That Do Not Provide Adequate Level Of Protection
Mercuria is a global company and information that we collect from or about you within the European Economic Are (“EEA”) may be transferred across international borders and to countries outside of the EEA that do not have laws requiring a reciprocal level of data protection. We as the Data Controller (or Data Exporter) will do our best to ensure that your information is protected no matter where it is transferred. To ensure adequate protection we enter into Data Processing Agreements with our suppliers processing your information outside of the EEA. When necessary we utilize standard contract clauses to ensure the adequate protection of your information.
Third Party Websites
From time to time our website may contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies; we do not accept any responsibility or liability for those policies. Please check the data privacy policies of these third parties before you submit any personal data to their websites.
Your Rights As A Data Subject
You as a Data Subject have many possibilities to impact how your personal information is being processed. You can:
- Request access to your information that we process
- Request for your information to be deleted or for your right to be forgotten (right to erasure)
- Request us to correct or change your information.
- Limit, restrict or object to our use of your information
- Subject to applicable law, lodge a complaint with your local data protection authority
Please note that if you request us to remove your information, we may retain some of the information for specific reasons, such as to resolve disputes, troubleshoot problems, and to comply with a law or regulation. Furthermore some information is never completely removed from our databases because of technical constraints and the fact that we regularly back up our systems. Therefore, not all of your personal information can ever be completely removed from our databases.
Identity and Contact Details Of The Data Controller
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree.
Using cookies enables us to:
- Know you when you return to our site
- Know how often and when you have visited our site
- Access traffic source information
- Determine the start and end of a session
- Know the value of visitor-level custom variables
Should you wish to block cookies you can do so by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.