We are very delighted that you have shown interest in our enterprise. Data protection is a particularly high priority for the management of the Mercury.ai UG. The use of the Internet pages of the Mercury.ai UG is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, company, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Mercury.ai UG. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, the Mercury.ai UG has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

Legal basis for Processing

1. mercury.ai UG (haftungsbeschränkt) (hereinafter referred to as "provider") offers a messaging service for interactions between companies (“Company”) and end users (“you” or “end user”) (hereinafter referred to as "services") in connection with messenger platforms and/or to any other digital communication platforms (“platforms”).

2. This document only relates to personal data transmitted to provider in the course of providing services. For any contractual relationship and data protection issues between the end user and the platform, please refer to the privacy policy of the relevant platform. The use of their services is governed by their own terms and privacy policies. For any contractual relationship and data protection issues between the end user and company using the provider’s services please refer to the privacy policy of the relevant company. The use of their services is governed by their own terms and privacy policies.

3. The provider does not offer services to end users who are under 13 years old. If provider become aware that an end user is under the age of 13 years, provider will cease to provide the services.

4. The provider does not claim any ownership rights upon the end user’s content. end user must have the necessary rights to such information and content which he submits through and the right to grant the following rights and licenses to provider. By transmitting any information and content via the services the end user hereby grants the provider the non-exclusive, worldwide, royalty-free, sub-licensable right to use, modify, transmit, store, archive, display and publish the content for the purpose of providing the services.

5. All rights which may arise from the metadata, models and qualitative as well as quantitative analysis of the information and content sent through the Services (together “Metadata”) will lie or remain unlimitedly with the provider. Metadata includes, but is not limited to information about how the end user uses the services, log files, diagnostic, crash, performance logs and reports as well as time end user last used the services. Metadata will be anonymized in a way that provider is not able to attribute the data to a specific end user.

6. The parties shall observe the applicable data protection law. The end user agrees that personal data which is required for providing the services can be stored and processed. As soon as end user deletes content or information finally delivered through the services, such content and information will also be deleted from provider’s servers.

7. The end user agrees that provider collects and stores information about how the end user uses the services, end user’s log files, diagnostic, crash, performance logs and reports, information about the end user’s device, hardware model, operating system, browser, shortened IP address, language preferences, online status, results of semantic analysis, time end user last used the services. Such information will be anonymized by provider in a way that provider is not able to attribute the data to a specific end user.

8. Provider uses data of end users in order to provide and improve the services, including providing customer support, and fixing, customizing, evaluating the services as well as researching, developing and testing new services and features. Moreover, provider uses the data to conduct troubleshooting activities, to investigate suspicious activity or violations and to ensure that the services are being used legally. Provider allows companies to use the services for order, transaction, and appointment information, delivery and shipping notifications, product and service updates, and marketing.

9. The end user may withdraw his consent by writing an email to the provider to terms@mercury.ai. If withdrawal of such consent makes providing the services impossible, provider has the right to cease the services.

10. Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

Right of access

Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer. If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

Right to erasure right to be forgotten

Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. An employees of the Mercury.ai will arrange the necessary measures in individual cases.

Right to object

Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

Mercury.ai shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If the Mercury.ai processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to Mercury.ai to the processing for direct marketing purposes, the Mercury.ai will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the Mercury.ai for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest. In order to exercise the right to object, the data subject may contact any employee of Mercury.ai. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.

Routine erasure and blocking of personal data

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

Right of restriction of processing

Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies: