Last Updated: 5 December 2024
Merlin Media Limited (“Merlin,” “we,” “our,” and/or “us”) values the privacy of individuals who use our application, websites, and related services (collectively, our “Services”). This privacy policy (the “Privacy Policy”) explains how we collect, use, and disclose information from users of our Services (“Users”). By using our Services, you agree to the collection, use, disclosure, and procedures this Privacy Policy describes. It also informs you about your rights and choices with respect to your personal information, and how you can contact us if you have any questions or concerns. Beyond the Privacy Policy, your use of our Services is also subject to our Terms of Service.
In this Privacy Policy, “personal information” means any information related to an identified or identifiable individual, and does not include aggregated data or data whereby personally identifiable information has been removed (such as anonymous data). Personal information also includes both Registration Information and Meeting Content Information. “Registration Information” means personal information used to create an account for our Services, which includes your first and last name, and email address. “Meeting Content Information” means certain personal information we collect from you or create for you when you use the Services, including meeting content, names and emails of meeting attendees and other meeting information on your Google calendar.
Please read this Privacy Policy carefully so that you understand your rights in relation to your personal information, and how we will collect, use and process your personal information. If you do not agree with this Privacy Policy, our Terms of Service or any part thereof, you should not access or use any part of our Services, or otherwise provide us with your personal information. If you change your mind in the future, you must stop using our Services and you may exercise your rights in relation to your personal information as set out in this Privacy Policy.
Merlin is the entity responsible for the processing of your personal information, and for the purpose of the European Union’s General Data Protection Regulation, is the data controller in respect of the processing of your personal information. Where we have an arrangement in place with a customer who is encouraging you to use our Services (for example, your employer or another business or organization), we in some circumstances obtain and process your personal information on behalf of and at the instructions of such a customer. Such customers will be considered as the data controllers under the European Union’s General Data Protection Regulation and we will be considered as the data processors. Their privacy policies will apply to the processing of your information and we encourage you to read their privacy policies.
We may collect a variety of information from or about you or your devices from various sources, as described below.
Profile Information. You provide us with Registration Information when you connect to our Services using third-party login options such as Google, or a single sign-on (“SSO”). At account registration, our Services will link to your Google Calendar. If you sign up for notifications or updates, or participate in our surveys, we may ask you for your name, email address, and job title or role.
Communications. If you contact us directly, we may receive additional personal information about you. For example, when you contact us, we will receive your name, email address, the contents of a message or attachments that you may send to us, and other information you choose to provide. If you subscribe to our newsletter, then we will collect certain information from you, such as your email address. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our Services. You may opt-out or unsubscribe from these emails at any time by clicking the “Unsubscribe” link in the email.
Device Information. We receive information about the device and software you use to access our Services, including IP address, web browser type, operating system version, application installations, and device identifiers.
Usage Information. To help us understand how you use our Services and to help us improve them, we automatically receive information about your interactions with our Services, like the number of times you review the insight brief.
Meeting Information. When you use our Services to conduct research on meetings, we receive information about those meetings, such as the date and time of the meeting and the parties’ names, attendee identifiers, and email addresses. Please note that the contents of the meeting may also contain the personal information of other meeting participants, such as your co-workers or individuals from other organizations.
As a data controller, we do not collect any sensitive data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data nor do we collect any information about criminal convictions and offenses. If this type of data is discussed in your meeting, you are the controller of this data and such data will be considered Meeting Content Information. You must have a proper legal basis to collect such data.
Information from other Users of our Services. We may receive personal information about you when a User uses our Services to send you an invite to join a meeting. This information may include your name and email address, as well as the contents of the meeting including the meeting information contained in the calendar invitation.
Information from third party services. When you link our Services to a third party service, such as Google, we will receive personal information about you, including your name, email address, calendar and meeting information (such as meeting title, date, time, location, meeting join URL and attendees), profile information, and photo. Please note that linking a Google Calendar account is core to our Services and without linking a Google Calendar, you will not be able to successfully use our Services.
Other third parties. We may receive additional information about you, such as usage data from third parties such as vendors, and other marketing partners and combine it with other information we have about you.
Please note that personal information collected by a third party in this manner is subject to that third party’s own data collection, use, and disclosure policies. Please see the “Third Parties” section below for more information.
We use the information we collect:
Vendors and Service Providers. We may disclose any information we receive with vendors and service providers retained in connection with the provision of our Services. We disclose Meeting Content Information with a limited number of service providers and vendors solely to help us provide and deliver the Services to you.
Third Party App Integrations. When you connect a third party application such as Google or any other compatible third-party conferencing application to our Services, we may share information such as your meeting brief with that third party. Please note that you will not be able to successfully use our Services without connecting your Google calendar to our Services.
Marketing. We do not sell, or share your personal information with non affiliated companies for their own direct marketing purposes, unless we have your permission. We do not sell Meeting Content Information or information about your meeting attendees to anyone.
As Required By Law and Similar Disclosures. We may access, preserve, and disclose your personal information if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order, subpoena or other legal process; (b) respond to your requests; (c) detect and investigate security incidents and potentially illegal or prohibited activities; or (d) protect your, our, or others’ rights, property, or safety. For the avoidance of doubt, the disclosure of your information may occur if you post any objectionable content on or through the Services.
Merger, Sale, or Other Asset Transfers. We may transfer your personal information to advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets or stock. The use of your personal information following any of these events will be governed by the provisions of this Privacy Policy in effect at the time the applicable information was collected.
Consent. We may also disclose your personal information with your permission.
We store all personal information for as long as necessary to fulfill the purposes set out in this Privacy Policy, or for as long as we are required to do so by law or in order to comply with a regulatory obligation. When deleting personal information, we will take measures to render such personal information irrecoverable or irreproducible, and the electronic files which contain personal information will be permanently deleted.
You can delete your Merlin account at any time by sending an email to insights@merlinmedia.ai. If you no longer use our Services, your account and the personal information in it will remain unless you inform insights@merlinmedia.ai. If we receive an account deletion request, we will use commercially reasonable efforts to delete your Meeting Content Information and personal information within 30 days of your account deletion request, although we cannot guarantee that deletion will always occur within this timeframe. However, if we are legally required to retain that information under applicable laws, we will retain your personal information, subject to the “Data Retention” Section above, but we will take measures to pseudonymize it.
If you deauthorize Merlin through your Google account settings, your Merlin account will be disabled until you reconnect your Google Calendar account. As noted above, linking a Google Calendar account is core to our Services and without a linked a Google Calendar, you will not be able to successfully use our Services.
Please note that, if you use our Services through a business account of one of our customers, for example your employer or another business or organization, their privacy policies will apply to the processing and deletion of your information. We will not be able to delete the personal information on the business account on your request. If you have questions about your privacy on the Services or this Privacy Policy, please contact us at insights@merlinmedia.ai.
Our Services may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of these third parties. Please be aware that this Privacy Policy does not apply to your activities on these third party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.
We make reasonable efforts to protect your information by using reasonable physical, technical, organizational and electronic safeguards designed to improve the security of the information we maintain. However, as no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your information.
We do not knowingly collect, maintain, or use personal information from children under the age of 18, and no part of our Services is targeted or directed to children. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we may delete such information. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce our Privacy Policy by instructing their children never to provide personal information on our website and/or our Services without their permission. If you learn that a child under the age of 18 has provided us with personal information in violation of this Privacy Policy, then you may alert us at insights@merlinmedia.ai. We will take reasonable steps to delete that information as quickly as possible.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
If you would like to unsubscribe from any promotional emails we send you, you can also click on the ‘unsubscribe’ button at the bottom of the email or uncheck the marketing consent box in Account Settings.
How to Complain. We hope that we can resolve any query or concern you raise about our use of your information. The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
We may transfer your personal information to the USA. This is for the purpose of enabling our third party service providers to access and process the data on our behalf.
The USA does not have the same data protection laws as the United Kingdom and European Economic Area. Whilst the European Commission has not given a formal decision that the USA provides an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to safeguards as specified in the General Data Protection Regulation that are designed to help protect your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. Some US-based providers are certified under the EU-US Privacy Shield, a mechanism which permits transfer of personal data to companies in the US who have certified that they meet privacy norms akin to those in the EU. Other processors use so-called ‘model clauses’ in their contracts, which give individual data subjects rights in respect of the provider’s processing of the data and requires the provider to meet certain EU-mandated standard. A description of the
EU-US Privacy Shield is available here - https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.
A description of the Model Clauses is available here - https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
We will not otherwise transfer your personal data outside of the United Kingdom or European Economic Area.
We will post any adjustments to the Privacy Policy on this page, and the revised version will be effective when it is posted. If we materially change the ways in which we use or disclose personal information previously collected from you through the Services, we may notify you through the Services, by email, or other communication. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.
If you have any questions, comments, complaints or concerns about this Privacy Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, please email us at insights@merlinmedia.ai. We will endeavor to respond to your query as soon as possible.