Easy Merlin International Website Privacy Policy

Introduction

Easy Merlin International respects your privacy and is committed to protecting your personal data. Our Privacy Policy will help you understand what information we collect and process through this Easy Merlin International website, how we protect and use it, and what choices you have regarding your personal data.

When we refer to “Easy Merlin International” within this Privacy Policy, we are referring to Easy Merlin International Limited, 303 Aarti Chambers, Victoria, Mahe, Seychelles, the organisation which provides this website, and any services or features which may be made available to you from this website.

Data Protection Framework for this Privacy Policy

Easy Merlin International is based in the Seychelles. However, as our servers are based in London, UK, and in accordance with GDPR compliance, we have registered with the Information Commissioner’s Office (ICO) as a Data Controller under the UK Data Protection Act 1998. We have also aligned our Privacy Policy with the EU General Data Protection Regulation (“GDPR”), which came into effect on 25th May 2018, under the supervision of the ICO within the UK.

Easy Merlin International has completed applicable Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) for activities related to this website, and these are available upon request from Easy Merlin International’s Data Protection Officer (see Section 12).

Purpose of this Privacy Policy

This privacy notice aims to give you information on how Easy Merlin International collects and processes your personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter or request a demo.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Data Controller

Easy Merlin International is the controller and is responsible for your personal data (collectively referred to as “Easy Merlin”, “Merlin”, “we”, “us” or “our” in this privacy notice).

We have appointed a Data Protection Officer who is responsible for addressing any questions related to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Protection Officer using the details set out at the end of this document.

1. Customer and Citizen Data

You may choose to provide us with your personal information through this website if you are seeking more information, requesting to attend a demonstration, or for other similar purposes. Your decision to disclose your personal data is entirely voluntary, and by doing so, you are taking affirmative action by providing us with specific consent to use your personal data only for the purposes for which you have disclosed it to us.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

1.1 How is data collected

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

• Identity Data includes first name, last name, and title.
• Contact Data includes address, email address and telephone numbers.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Usage Data includes information about how you use our website, products and services.
• Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.

We use different methods to collect data from and about you, including through:

1.1.1 Direct interactions

You may provide us with your Identity and Contact information by filling out online forms or by corresponding with us via phone, email, online chat (TAWK), or otherwise. This includes personal data you provide when you:

• Request a demo of our products or services.
• Request marketing to be sent to you.
• Chat with team members directly using mobile and online communication channels or through our website.
• Enter a competition, promotion or survey; or
• Give us some feedback.

1.1.2 Automated technologies or interactions

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.

1.1.3 Third parties or publicly available sources

We may receive personal data about you from various third parties and public sources as set out below:

• Technical Data from the following parties:
  • Analytics providers such as Google are based outside the EU;
  • Search information providers based both inside and outside the EU.

1.2 How we use your personal data

Easy Merlin International will only use your personal data when permitted by law and only for the purposes for which you have submitted it to us. Most commonly, we will use your personal data in the following circumstances: to (a) provide information to you, (b) make contact with you, (c) provide contracted services to you, (d) maintain the operations and security of the website and services we provide to you, (e) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests and (f) Where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data, except in relation to sending direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

1.3 Promotional offers from us

We may use your Identity, Contact, Technical and Usage Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we determine which products, services, and offers may be relevant to you (we refer to this as marketing).

You will receive marketing communications from us if you have requested information from us or purchased services from us, or if you provided us with your details when you entered a competition or registered for a promotion, and, in each case, you have not opted out of receiving that marketing.

1.4 Change of purpose

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

1.5 Data storage

We will, at all times, handle and store your personal data in accordance with industry best practices aligned with ISO27001, the international standard for information security. This includes the activities and procedures undertaken by our own personnel and authorised third parties (see Section 5), as well as the technical controls we have implemented to prevent unauthorised access, compromise, or theft of information from our applications, supporting computer systems, and premises.

2. Sensitive Personal Data

GDPR specifies a set of personal data categories that are considered “sensitive” and require special consideration by Data Controllers. This website, and any services available from this website, do not knowingly collect or process any sensitive personal data, and supporting Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) are available upon request from Easy Merlin International’s Data Protection Officer (see Section 12).

3. Children’s Personal Data

This website, and any services available from this website, are not directed to children under the age of 13. If you learn that a child under the age of 13 has provided us with their personal information without having parental consent, please contact Easy Merlin International’s Data Protection Officer (see Section 12) immediately so that we can take appropriate action.

4. Customer and Citizen Data Rights

As prescribed within data protection regulations, you have specific rights connected to the provision of your personal data to Easy Merlin International using this website. These include your rights to request we:

• Confirm to you what personal data we may hold about you, if any, and for what purposes
• Change the consent which you have provided to us in relation to your personal data
• Correct any inaccurate or incomplete personal data which we may hold about you
• Provide you with a complete copy of your personal data so you can move elsewhere
• Stop the processing of your personal data, whilst an objection from you is being resolved
• Permanently erase all your personal data promptly, and confirm to you that this has been done (there may be reasons why we may be unable to do this)

To contact Easy Merlin International, please see Section 12 below.

4.1 Exercising your rights

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

4.1.1 What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who does not have the right to receive it. We may also contact you to request further information related to your request, which will help us expedite our response.

4.1.2 Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have submitted multiple requests. In this case, we will notify you and keep you updated.

If Easy Merlin International does not address your request or fails to provide you with a valid reason why we have been unable to do so, you have the right to contact the Information Commissioner’s Office to make a complaint. They can be contacted via their website (www.ico.org.uk) or by telephone at +44 (0) 303 123 1113.

5. Declaration of Processing and Sub-Processing

To make an informed decision on whether to provide your personal data to EasyMerlin International using this website, we need to make you aware of the following organisations that act as Data Processors for us in the provision of our services to you:

• EVC Marketing (processor) based in the United Kingdom and Barbados, processes data for marketing purposes, including arranging demonstrations and client liaison on behalf of Easy Merlin International. EVC Marketing is registered with the Information Commissioner’s Office for the UK Data Protection Act with registration number A8253934.
• QuickMerlin Pty. Ltd. (processor) based in South Africa who processes data for training, service implementation, product development, and support purposes on behalf of Easy Merlin International.
• Ithaca Management Services Limited, based in Mauritius, processes data for training, service implementation, product development, and support purposes on behalf of Easy Merlin International.
• Merlin Software Services Limited, based in the United Kingdom, processes data for training, service implementation, product development, and support purposes on behalf of Easy Merlin International.
• Mailchimp (sub-processor), based in the USA, processes data for email communication.

We require all third parties to respect the security of your personal data and to handle it in accordance with applicable laws. We do not permit our third-party service providers to use your personal data for their own purposes. Instead, we only allow them to process your personal data for specified purposes and in accordance with our instructions.

The activities within which each of these Data Processors participates have been recorded within the applicable Easy Merlin International Privacy Impact Assessment records (also known as Data Protection Impact Assessments under GDPR), and these are available upon request from Easy Merlin International’s Data Protection Officer (see Section 12).

6. Website Cookies

This Easy Merlin International website uses cookies to record log data. We use both session-based and persistent cookies, dependent upon how you use or interact with this website.

Cookies are small text files sent by us to your computer, and from your computer or mobile device to us each time you visit our website. They are unique to you or your web browser. Session-based cookies last only as long as your browser is open and are automatically deleted when you close your browser session. Persistent cookies last until you or your browser deletes them, or until they expire.

We use cookies that are not specific to your account but are unique, allowing us to undertake website analytics and customisation, among other similar activities. If you decide to disable some or all cookies, you may not be able to use certain functions on our website. We may use third-party cookies, such as Google Analytics. You can opt out of these cookies by visiting their website.

You can view our cookie policy here.

7. External Links

This Easy Merlin International website may include relevant hyperlinks to external websites not controlled by us. Whilst all reasonable care has been exercised in selecting and providing any such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents, which may be subsequently provided to you.

You are advised, therefore, that your use of external links is at your own risk, and we cannot be responsible for any damages or consequences from your use of them.

8. International Transfers

We transfer your personal data outside the European Economic Area (EEA), namely to the USA, Mauritius, Seychelles and South Africa.

We share your personal data within our group of companies, which involves transferring your data outside the European Economic Area (EEA).

We are subject to the provisions of the General Data Protection Regulation, which protects your personal data. When we transfer your data to third parties outside the EEA, we will ensure that certain safeguards are in place to maintain a similar degree of security for your personal data. As such:

• We may transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
• If we use US-based providers that are part of the EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place; or
• When we use service providers established outside the EEA, we may employ specific contracts, codes of conduct, or certification mechanisms approved by the European Commission, which provide personal data with the same level of protection as it has in Europe.

If none of the above safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

9. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have established procedures to address any suspected personal data breaches and will notify you and any applicable regulator of a breach where required by law.

10. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available upon request from us by contacting us.

10.1 Changes to this Privacy Policy

We may change this Easy Merlin International Privacy Policy from time to time, and if we do we will post any changes on this page. If you continue to access this website or use services available from this website after those changes have come into effect, you will have agreed to the revised policy.

This Easy Merlin International Privacy Policy is version 1.2 and was released on June 1st 2025. You are advised to download or print a copy and retain it for your records.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

11. Contacting Easy Merlin International

If you have any questions about this Privacy Policy, would like to exercise any of your statutory rights, or to make a complaint, please write to:

The Data Protection Officer (Privacy Policy)

Easy Merlin International
C/O Acclime Limited
303 Aarti Chambers
Victoria
Mahe
Seychelles

DPO@quickmerlin.com