MeRLIN Sourcing’s Service Privacy Policy (“Policy”) describes MeRLIN’s privacy practices for the processing of personal information related to users of MeRLIN’s hosted software applications and related services (collectively, “Solutions”), obtained in connection with the use of the Solutions, where MeRLIN determines the purposes and means of the processing and makes decisions about processing activities.
This Policy does not cover MeRLIN’s personal information processing activities carried out on behalf of our business clients as part of MeRLIN’s services (“Platform”), as such processing is governed by the applicable Data Processing Addendum.
This Policy does not cover any information collected by MeRLIN for marketing purposes, which is governed by our Privacy Policy available at https://merlinsourcing.com/privacy-policy/ .
This Policy applies to MeRLIN Sourcing B.V. and all of its subsidiaries (which we refer to in this Policy as “MeRLIN” or the “Company”) and all of its directors, officers, employees, and contractors (“MeRLIN Team Members”).
“Sensitive Personal Information” refers to a smaller subset of Personal Information that is considered more sensitive to the individual, such as race and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric information, physical or mental health information, or medical insurance data.
Personal Information: Any information that identifies or can be used to identify a User. Common examples of Personal Information include:
Full name
Email address
Digital identity (login name or handle)
Device information
Metadata
Personal data processed by MeRLIN as described in Section 3 (Processing of Personal Information) are collected, accessed, used, and stored (“processed”) by MeRLIN for the purposes of:
This section describes the MeRLIN’s processing of Personal Information about Users and its role in such processing.
In the course of providing services MeRLIN primarily acts as a Data Processor, under the instructions of a MeRLIN Client which acts as a Data Controller, as provided under a Data Processing Addendum.
However, there is a different set of Personal Information processed by MeRLIN as an independent Data Controller.
Regardless of the role in data processing, in the context of service provision, MeRLIN does not request or collect sensitive personal information.
MeRLIN determines the purposes and means of the processing of the below set of Personal Information, and makes decisions about processing activities for the information that Users provide or that MeRLIN collects when they use the Solutions:
| Personal data category | Data Subject | Purpose of processing | Legal basis for data processing |
|---|---|---|---|
| User registration data Name and Surname Business email address Optional fields data Company, job title, etc. |
Supplier users registering with MeRLIN under the MeRLIN Supplier Terms of Use | Allowing Users to access and use the Solutions Storing in as permitted or required to meet MeRLIN’s obligations under applicable law, and in the case, they are required to support the claims management process related to possible legal actions engaged by or against MeRLIN or MeRLIN’s Customers |
Legitimate Interests Performance of a contract to which the data subject is a party Compliance with a legal obligation to which the controller is subject Consent |
| Solutions interaction information and information Collected Through Cookies and Similar Technology: Application logs, IP addresses OS information Browser information Language preferences Navigation activities and Clickstream Data Network data Communication data |
Authorized users accessing Solutions under a customer’s contractual agreement with MeRLIN MeRLIN’s customers’ business contacts, customer’s suppliers MeRLIN’s customers’ current and potential, customer’s suppliers current and potential Supplier users registering with MeRLIN under the MeRLIN Supplier Terms of Use |
Product development and enhancement Security enhancement Fraud or other crime detection and prevention General business operations and due diligence Meeting MeRLIN’s obligations under applicable law Support the claims management process related to possible legal actions |
Legitimate Interests Performance of a contract to which the data subject is a party Compliance with a legal obligation to which the controller is subject Consent |
(a) Information Provided by Users
(b) Information Collected Through the Use of MeRLIN Sourcing B.V.
MeRLIN collects certain information automatically, such as a User’s operating system version, browser type, and internet service provider. MeRLIN also collects information about Users’ interaction with the Solutions, such as creating or logging into accounts, or opening or interacting with the Solutions on mobile devices. The Solutions automatically collect and store this information in service logs. This also includes:
Web portal use details
Internet protocol address
Cookies and similar technology that uniquely identify a browser
The referring web page
Pages visited
MeRLIN may also collect and process information about a User’s actual location. This information may or may not include Personal Information, but MeRLIN may maintain it or associate it with Personal Information it collects in other ways or receives from third parties.
If granted access to a User’s location, MeRLIN may collect information about their location when they use the Solutions. Location can be determined by IP address and information about things near a device, such as Wi-Fi access points and cell towers. The specificity of the location data collected may depend on several factors, including the device in use (e.g., laptop, smartphone, or tablet) and the type of internet connection (e.g., via cable broadband connection, Wi-Fi).
When using the Solutions via a wireless device, MeRLIN may solicit permission to collect location data. If location services are enabled on our mobile application, MeRLIN may collect location data periodically as someone uses or leaves open our mobile application. MeRLIN may associate such location data with the Personal Information a User provides. Depending on the platform used to access our mobile application (e.g., Apple’s iOS, Google’s Android), Users may be able to control whether location data is collected from MeRLIN within “Settings” or other controls on their wireless device and/or mobile application
Some features within the Solutions may only function upon confirmation of a User’s location, and therefore, such features will not be available if a User chooses not to provide their location data to MeRLIN.
Additionally, MeRLIN may collect a User’s unique device ID. MeRLIN may use such information for internal purposes and to provide Users with a better experience, such as to troubleshoot Solution problems. MeRLIN may associate device ID with Personal Information Users provide to us. Users may learn more about opting out of any anonymous device ID collection via the privacy settings available within their mobile device.
(c) Information Collected Through Cookies and Similar Technology
MeRLIN uses various technologies to collect and store information when Users visit one of our Solutions, and this may include using cookies or similar technologies to identify a browser or device. The technologies we use for this automatic data collection may include:
Cookies
Web Beacons
Clickstream Data
Cookies. A cookie is a small file placed on the hard drive of a device. Users may refuse to accept browser cookies by activating the appropriate settings on their browser. However, if this setting is selected, Users may be unable to access certain parts of the Solutions. Unless a browser is adjusted to refuse cookies, the Solutions will issue cookies when a browser accesses our Solutions. Some cookies are required for technical reasons for the Solutions to operate – we refer to these as “essential” or “strictly necessary” cookies. Other cookies could enable us to analyze the performance and use of the Solutions. Other cookies could enable us to target advertising to the interests of our visitors. More specifically, the types of cookies that could be served through the Solutions and their purposes are described below:
“Strictly necessary” cookies must be set to allow us to deliver the Solutions to you and to provide specific services that you request from us.
“Performance” or “Analytics” cookies, which help us to collect information about how visitors use our Solutions and help us analyze and improve the Solutions. Performance or analytics cookies will remain on your computer after you close your browser.
Web Beacons. Pages in the Solutions or e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit MeRLIN to perform simple analysis. For example, web beacons allow MeRLIN to count Users who have visited certain pages or opened an e-mail.
Clickstream Data. Clickstream data is information collected by the Solutions when Users request certain web pages. Clickstream data may include information such as the page served, the time spent viewing the page, the source of the request, the type of browser making the request, the preceding page viewed, and similar information. Clickstream data permits us to analyze how Users arrive at our Solutions, what type of content or activity is popular, and what type of Users in the aggregate are interested in particular kinds of content or activities in the Solutions.
MeRLIN treats Personal Information as confidential, and MeRLIN only accesses Personal Information to provide the Solutions to its Users, fulfill requests related to the Solutions and enhance the use of the Solutions, as described in more detail in Section 2 (Purpose of Processing). MeRLIN does not sell any Personal Information to third parties. MeRLIN will only share Personal Information with third parties in the following circumstances:
When authorized by the User to do so in writing.
When it is reasonably necessary to comply with a legal process, such as a court order, subpoena or search warrant, government investigation, or other legal requirements, including to meet national security or law enforcement requirements.
In the course of any direct or indirect reorganization process, including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets — and in such cases, sharing Personal Information would be subject to applicable laws and regulations such as obtaining prior consent where applicable; or
When necessary, for the prevention or detection of crime (subject in each case to applicable law) or to establish or defend a legal claim.
Additionally, Users may register in the Solutions to be included within MeRLIN’s supplier network (“MeRLIN Supplier Network”) under the MeRLIN Supplier Terms of Use. When registering for the MeRLIN Supplier Network, information will be shared with buyers who are Users as well as third-party service providers and vendors.
MeRLIN will only provide Personal Information to third-party service providers and vendors that are authorized by MeRLIN to provide Solutions on MeRLIN’s behalf and for the purposes described in this Policy, and only when agreements are in place that require each third party to protect the privacy and confidentiality of the personal information that is shared and comply with all applicable privacy and data protection laws.
MeRLIN processes Users’ Personal Information, based on one or more of the following:
Users may have certain rights relating to their Personal Information, subject to local data protection laws. MeRLIN aims to provide Users with choices about how MeRLIN uses their Personal Information, whenever possible. We also aim to provide Users with access to their Personal Information. If a User informs MeRLIN that information requires amendment, we strive to provide ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. Subject to applicable law, Users may obtain a copy of Personal Information MeRLIN maintains about them, or they may update or correct inaccuracies in that information by contacting us. To help protect privacy and maintain security, MeRLIN will take steps to verify a User’s identity before granting access to the information.
MeRLIN commits to resolving requests and complaints related to privacy and our collection or use of Personal Information. You may submit requests or complaints to Varun.dhamodharan@rheincs.com. All Users may update or correct information about themselves by making changes to their profile in the Solutions or by submitting a request via email to Varun.dhamodharan@rheincs.com.
You may also communicate with us at:
MeRLIN Sourcing B.V.
Stationsplein 8K NL-6221BT,
Maastricht,
Netherlands
You may also contact our Data Protection advisory body ActiveMind.AG for any further information regarding the samevia email to rheincs@activemind.de.
activeMind AG
Kurfürstendamm 56
10707 Berlin, Germany
Tel.: +49 (0)30 / 770 19 10 70
https://www.activemind.de/
Please note that we may ask Users to verify their identity and request and/or to provide additional information to verify their request before taking further action on their request. We will not use this additional information for anything other than handling these requests. Users may designate an authorized agent to make a request on their behalf in certain circumstances.
MeRLIN may respond to requests by letter, email, telephone, or any other suitable method. If a User completely deletes all such information, then their account may become deactivated. MeRLIN may retain an archived copy of records as required by law, to comply with our legal obligations, to resolve disputes, to enforce our agreements, or for other legitimate business purposes.
In some cases, our ability to uphold these rights for Users may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver requested services. Where this is the case, we may inform Users of such dependencies in response to their request.
MeRLIN endeavors to respond to verifiable requests within 30 days of receipt, consistent with applicable laws.
We do not charge a fee to process or respond to a verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will explain why we made that decision and provide a cost estimate before completing the request.
At this time, MeRLIN does not share Personal Information referenced in this Policy with third parties for their direct marketing purposes.
MeRLIN only keeps Personal Information consistent with our legitimate business interests and as permitted and/or required by applicable law and, any timeframes outlined in the applicable contractual agreement with MeRLIN’s Client. We retain Personal Information even after business relationships end if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms of Service, or fulfill a request to “unsubscribe” from further messages from us.
Appendix A to this Policy includes terms specific to certain jurisdictions that may apply to Users. MeRLIN may update the Appendix from time to time, including to address changes in applicable laws without the requirement for notice. Appendix A is incorporated in and constitutes part of this Policy.
If you have any questions relating to this Policy, please contact Varun.dhamodharan@rheincs.com
MeRLIN reserves the right to modify any part of this Policy from time to time. The most up-to-date version can be found on this website.
Rights of Residents of the European Economic Area, United Kingdom, and Switzerland.
The European Economic Area’s General Data Protection Regulation (“GDPR”), and corresponding legislation in the United Kingdom and Switzerland, provide European, Switzerland, and United Kingdom residents with certain rights in connection with Personal Information Users have shared with MeRLIN. Residents in the European Economic Area may have the following rights:
The right to be informed. Users are entitled to be informed of the use of Personal Data (as defined under GDPR). This Policy provides such information.
The right of access. Users have the right to request a copy of their Personal Data which MeRLIN holds.
The right of correction. Users have the right to request correction or changes of the Personal Data if it is found to be inaccurate or out of date.
The right to withdraw consent. Users have the right to withdraw previously given consent for processing their Personal Data for a specific purpose.
The right to be forgotten. Users have the right to request MeRLIN, at any time, to delete their Personal Data from our servers and to erase their Personal Data when it is no longer necessary for us to retain such data. Note, however, that deletion of Personal Data will likely impact a User’s ability to use our Solutions.
The right to object (opt-out). Users have the right to opt out of certain uses of their Personal Data, at any time.
The right to data portability. Users have the right to a “portable” copy of the Personal Data they have submitted to us. Generally, this means their right to request that we move, copy, or transmit their Personal Data stored on our servers or information technology environment to another service provider’s servers or information technology environment.
The right to refuse to be subjected to automated decision-making, including profiling. Users have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect.
The right to lodge a complaint with a supervisory authority. Users have the right to lodge complaints about our data processing activities by filing a complaint with MeRLIN or with the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
MeRLIN may, directly or indirectly through third parties around the world, process, store, and transfer the information Users provide, including their Personal Information, as described in this Policy. Specifically, the information and Personal Information that we collect may be transferred to, and stored at, a location outside of a User’s jurisdiction. It also may be processed by persons operating outside of a User’s jurisdiction who work for us or one of the organizations outlined in this Policy in connection with the activities outlined in this Policy. When transferring, storing, or processing Users’ Personal Information MeRLIN will take all steps necessary to ensure that Personal Information is treated securely and under this Policy and applicable Data Protection Laws. We have put in place commercially reasonable technical and organizational procedures to safeguard the information and Personal Information we collect on the Solutions. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. If Users are located in the European Economic Area and have questions about their rights, they may also contact the Supervisory Authority of your country of residence (see http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080).
Vetri celebrated three years as CEO of MeRLIN Sourcing in June 2023. His vision spearheaded the transformation of the company internally through modernization and HR transformation and externally with the promise of delivering value to customers and putting them at the heart of the MeRLIN Sourcing business and product development strategy.
Vetri built his career in global software businesses over the last decades. Seasoned professional with a global perspective, spanning the Americas, Europe, and Asia, and a diverse industry background across EPC, Defense, manufacturing, automotive, and life sciences industries.
A firm believer in the principles of doing well by doing good, he won his two awards as the IT Executive of 2014-2015 and 2016-2017 in Europe. He is a highly regarded global thought leader in the IT and cloud software industries and is an active investor/advisor for emerging companies. He is known as a leader who builds and motivates world class teams, champions diversity, and exudes a deep passion for how technology can transform the workplace and empower individuals.
Dr. Werner Breuers completed his studies in chemistry at the RWTH Aachen University with a doctorate. He began his professional career in 1989 as a chemist at Hoechst AG in Frankfurt in the research and development department.
After managerial positions at Hoechst AG, Dr. Breuers took over management of the license and catalyst business at the polyethylene manufacturer Elenac GmbH in Kehl in 1999, which became part of the Basell group a year later. As a member of Basell’s Executive management team, he headed the global Technology Business division based in Milan and most recently served as President of Basell Polyolefins Europe based in Amsterdam.
Dr. Breuers has also been a member of the Board of Management of LANXESS AG since May 14, 2007 and was responsible for the Performance Polymers and Advanced Intermediates business units. His responsibilities and strategic operations also include the functional areas of Global Procurement & Logistics, Innovation & Technology and Industrial & Environmental Affairs. He has been board of several other companies and has also served as trustee of RWTH Aachen University and currently advising and supportinfg the growth of MeRLIN Sourcing in Europe.
Oliver Scheffert is an experienced entrepreneur with a successful completed doctoral program in business administration and a master’s degree in International Business Studies. He held management positions at Microsoft for nearly 13 years, receiving prestigious awards for exceptional leadership and results like the Circle of Excellence Platinum Award. Notably, Oliver led the ISV business unit in Germany to a billion-dollar revenue stream.
He later served as the General Manager/Managing Director at Aparavi Software Europe GmbH and recently founded CNSLT Partners GmbH, a strategy and management consultancy, leveraging his extensive specialist knowledge to help IT companies achieve lasting success.