Last Modified: June 16, 2019
- your “Personal Data” means any information relating to you in identified or identifiable form.
- “Merit” means a statement about your activities and accomplishments that an Organization may submit to Merit.
- “Organization” means any organization which has submitted information about you to Merit so that we can send you merits.
Information we collect
There are five types of information we collect:
- Information from Organizations.
- Information you choose to give us.
- Information we get when you use our Services.
- Information we receive from Apps and Developers.
- Information we receive from other third parties.
Information from Organizations
Information You Choose to Give Us
When you use our Services, we collect the information you choose to share with us. For example:
- When you create an account you provide us with your name, your e-mail address, and a personal password.
- When you fill out forms, give us feedback about the Services, when you post reviews or provide testimonials or when you communicate with us through third party social media sites, or request customer support you are also sharing information with us.
- You may provide us with your date of birth, a photo, or credit card information or other Personal Data for authentication purposes.
- In addition, you may give us permission to use the information contained in your merits so that you may receive advertisements or promotions related to your interests and merits.
Information We Get When You Use Our Services
When you use our Service, certain information is automatically generated and stored about your visits. The type of information gathered this way includes things like
- details about how you’ve used our services.
- device information, such as your web browser type and language.
- access times.
- pages viewed.
- IP address.
- identifiers associated with cookies or other technologies that may uniquely identify your device or browser.
- pages you visited before or after navigating to our website.
Location Based Services
The device you use to access the Service may provide your location to the Service. If you enable the location-based feature on your device, we will automatically receive information about your location when you use the Service. Your device may allow you to deactivate location-based services. If you deactivate location-based services, your device should no longer send information about your location to third parties, including Merit; but be advised that if you turn off location-based services on your device, certain aspects of the Service may not be available to you.
We may engage third party for analytics activities, including as provided for below.
- Google Analytics. We may use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some of our Services, and to develop website content. This analytics data is not tied to any Personal Information. For more information about Google Analytics, please visit https://www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and Processing of data generated by your use of the Services by going to https://tools.google.com/dlpage/gaoptout.
- Mixpanel. We may use services by Mixpanel, Inc. to obtain analytics data regarding users’ interactions with our Services. You may opt-out of Mixpanel’s automatic retention of data that is collected while using the Services by visiting https://mixpanel.com/optout/. To track opt-outs, Mixpanel uses a persistent opt-out cookie placed on your device. Please note that if you get a new computer, install a new browser, erase or otherwise alter the browser’s cookie file (including upgrading certain browsers), you may delete the Mixpanel opt-out cookie
Information We Receive From Apps and Developers.
If you elect to use an App, we may receive information, including Personal Data, that you have provided to the App or that the App may otherwise collect from or about you.
Information We Received From Third Parties (other than Apps or Organizations).
If you log in to the Service using credentials associated with your account at third-party services such as Facebook, LinkedIn or Twitter (each, a “Third Party Service”), you allow Merit to access certain information associated with your account with the Third Party Service. The information you allow us to access may vary according to the privacy settings you establish with the Third Party Service. We encourage you to review the privacy policies of any Third Party Services from which you access the Service.
How We Use Your Information
Personal Data received from an Organization (“Organization Data”) will be used by Merit in accordance with the Organization’s instructions and as required by applicable law. Merit is a processor of Organization Data and the Organization is the controller and is solely responsible for the accuracy, integrity, legality and completeness of the Organization Data. The Organization may, for example, use the Services to grant you a merit, access, modify, export, share and remove Organization Data and otherwise apply its policies to the Services.
Merit uses your information, including information relating to your merits (“Your Merit Data”), in order to provide you with the Service. Here are some of the ways we do that:
- Enabling You to Share Merits. We may use Your Merit Data to confirm your identity so you are able to display a merit to third parties.
- Sending You Communications. We may use e-mail to respond to support inquiries or to share information about our products and services and promotional offers or those of your third parties, including Organization that we think may be of interest to you. Please note: we do not share your e-mail with third parties. If you would like to modify your e-mail or other privacy settings, please click https://app.merits.com/settings.
- Engaging In Transactions. If you are an Authorized User acting on behalf of your Organization, Merit may use your Personal Data such as name, physical address, telephone number, e-mail address to engage in transactions with you, including contacting you about your account or transactions. We may also use your information to bill your Organization for the Service, and to process payments.
- Improving Our Site and Services. We may use your information, including the information gathered as a result of site navigation and electronic protocols and cookies (including third-party cookies) to enhance the safety and security of our Site and Services, to prevent fraud or unauthorized usage, to monitor and analyze trends and usage, to improve the quality of the Site and the Service, to better serve you and enhance your experience with the Site and the Service, and to track marketing campaign responsiveness and evaluate page response rates.
- Billing, Account Management and other Administrative Matters. Merit may need to contact you for invoicing (only if you are an Authorized User), account management and similar reasons. We use account data to administer accounts and keep track of each Organization’s billing and payments.
- Enforcing our Terms of Service and other Usage Policies.
- To investigate and help prevent security issues and abuse.
- As required by applicable law, legal process or regulation.
How We Share Your Information
This section describes how Merit may share and disclose information. Each Organization determines its own policies and practices for the sharing and disclosure of Organization Data and Merit does not control how any Organization or third party chooses to share or disclose Organization Data.
- Organization’s Instructions. Merit will share Organization Information in accordance with an Organization’s instructions and/or any agreement between Merit and the Organization, and in compliance with applicable law and legal process.
- To operate the Service. We may share your Personal Information with service providers who perform services on our behalf (such as providing hosting or maintenance services, managing databases, processing payments, or supporting/improving the features of the Site or the Service). Additional information about the sub-processors we use to support delivery of our Services is set forth https://app.merits.com/subpro.
- Organization Access. Authorized Users and other Organization representatives and personnel may be able to access, modify or restrict access to Organization Data. For example, if you would like to modify, update, or delete a merit, this will be the responsibility of your Organization.
- Third Party Services. An Organization may enable or permit you to enable Third Party Services. When enabled, Merit may share your Personal Information with Third Party Services. Third Party Services are not owned or controlled by Merit and third parties that have been granted access to your Personal Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
For Legal Reasons. We may share information about you if we
reasonably believe that disclosing the information is needed to:
- respond to claims and/or legal process (including subpoenas);
- protect the rights, property, safety of Merit or any other person;
- to prevent or stop any illegal, unethical, or legally actionable activity;
- comply with applicable law or regulation;
- respond to any lawful request by public authorities, including, without limitation, to meet national security or law enforcement requirements;
- to investigate, remedy or enforce our potential Terms of Service violations.
- When Aggregated or Anonymized. We may share aggregated or anonymized information that does not directly identify you with our investors, partners, and other third parties for a variety of business purposes. Such aggregated information may include, among other things, the number of users, countries of residence, average page views per session, and the average length of time as a member.
- During a Change in our Business. If Merit engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Merit’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all of Your Merit Data may be shared or transferred, subject to standard confidentiality arrangements.
- To Enforce our Rights, Prevent Fraud, and for Safety. To protect and defend the rights, property or safety of Merit or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With your Consent, or at your Direction. We will share your information with your consent or at your direction, including if we notify you through the Service that the information you provide will be shared in a particular manner, and you choose to provide such information.
Our Data Retention Policy
Merit will retain Organization Data in accordance with an Organization’s instructions, and as required by applicable law. Please Note: If you or an Organization asks us to delete Organization Data, we will delete such data as soon as reasonably practicable. For more detail about our process should you wish to delete Organization data please contact us at firstname.lastname@example.org. Unless requested by you to delete Merit Data, Merit will retain Merit Data as long as you have an account with us. Once you have deactivated your account, we will only keep your data for the period of time needed for Merit to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
Account information. You can review, amend, correct, or delete your account information https://app.merits.com/settings.
- Updating your account will not update information contained within merits. If you would like to change any information relating to your merit, or remove a merit from Merit, you must contact your Organization directly. If you would like us to pass an e-mail message on to your Organization, we would be happy to do so. Please contact us at email@example.com and we will pass that request on to the relevant Organization via e-mail.
- If you ask an Organization to erase your Personal Data, we will delete such data from the Site upon the Organization’s request, as soon as reasonably practicable. However, your Merit account will still remain on the Site until you ask us to erase it.
The Service also provide tools for you to customize the information about yourself that is made accessible to others. Certain information about yourself, such as your full name, will always be visible to other users of the Service, and your decision to use the Service indicates your acceptance of these settings. You should review your privacy preferences regularly, to ensure that the settings match your preferences.
Promotional communications. You may opt out of receiving promotional communications from Merit by following the instructions in those communications. If you opt out, we may still send you other kinds of communications, including those related to your current accounts or your use of the Service.
Advertisements. When you visit our Site, you may see advertisements which are relevant to your interests.
We implement security safeguards designed to protect your data, such as HTTPS. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
Your California Privacy Rights
Under California Civil Code Section 1798.83, if you are a California resident and your business relationship with Merit is primarily for personal, family or household purposes, you may request certain data regarding Merit’s disclosure, if any, of Personal Information to third parties for the third parties' direct marketing purposes. To make such a request, please send an e-mail message to firstname.lastname@example.org with "Request for California Privacy Information" in the subject line of your email. You may make such a request up to once per calendar year. If applicable, we will provide you, by e-mail, a list of the categories of Personal Information disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the third parties’ names and addresses. Please note that not all Personal Information sharing is covered by Section 1798.83’s requirements.
Links to Third-Party Sites
No Use By Minors
Our Service is intended for use by adults only. Merit does not promote the Service to children, and does not intentionally collect any personally identifiable information from children under the age of thirteen (13). If you believe that a person under the age of thirteen (13) has disclosed personally identifiable information through the Service, please report this to us immediately by emailing us at email@example.com, with “Notice of Underage Person” in the subject line of your email, and we will remove such information from our files.
Transfer of Information to Other Countries
Merit is based in the United States. Information that we have collected from or about you may be transferred to countries other than the one in which you reside, including the United States. By submitting your information to Merit via the Service, you consent to such transfers and to the processing and storage of that information in various countries around the world, including countries other than the one in which you reside. If you are located outside of the United States and you choose to provide your information to us, you agree that we have the right to transfer your information to the United States, and process it there.
Complaint, Applicable Law, and Jurisdiction
Additional Clauses for Users in the European Union
If you’re a user in the European Union, you should know that Merit is the controller of Your Merit Data. Your country only allows us to use Personal Information contained in Your Merit Data when certain conditions apply. These conditions are called “legal bases” and, at Merit, we typically rely on one of three:
- Legitimate interest. One reason we might use your information is because we have—or a third party has—a legitimate interest in doing so. For example, we need to use your information to provide and improve our services, including protecting your account, collecting and sharing your merits, providing customer support.
- Consent. In some cases we’ll ask for consent to use your information for specific purposes. If we do, we’ll make sure you can revoke your consent in our services or through your device permissions. Even if we’re not relying on consent to use your information, we may ask you for permission to access data like contacts and location.
- Legal obligation. We may be required to use your Personal Information to comply with the law, like when we respond to valid legal process or need to take action to protect our users.
Your right to object.
You have the right to object to our use of your information. With many types of data, we’ve provided you with the ability to simply delete it if you don’t want us processing it anymore. For other types of data, we’ve given you the ability to stop the use of your data by disabling the feature altogether. You can do these things through the Service. If there are other types of information you don’t agree with us processing, you can contact us at firstname.lastname@example.org.
We may collect your Personal Information from, transfer it to, and store and process it in the United States and other countries outside of where you live. Whenever we share information of EU users outside the EU we make sure an adequate transfer mechanism is in place.
EU-US and Swiss-US Privacy Shield
Merit complies with the EU-U.S. Privacy Shield Framework Principles and the Swiss-U.S. Privacy Shield Framework Principles for Personal Information transferred to the United States from users in the EU and Switzerland. Under these Frameworks, we are subject to the Federal Trade Commission’s enforcement powers. To learn more about Privacy Shield and to view our certification, please click here.
If you have any questions or complaints about how we are complying with the Privacy Shield principles, please contact us at email@example.com. If we are unable to resolve the issue, we have committed to refer unresolved Privacy Shield complaints from EU and/or Swiss individuals to the BBB EU Privacy Shield, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please click here. The services of the BBB EU Privacy Shield are provided at no cost to you.
In certain situations, you may have the right to invoke binding arbitration before a Privacy Shield Panel. To learn more about binding arbitration, see Annex I to the EU-U.S. Privacy Shield and Annex I to the Swiss-U.S. Privacy Shield.
As our mentioned above, we may sometimes share your Personal Information with third parties for processing on our behalf. We are responsible for this third-party processing if it violates the Privacy Shield principles, unless we can show that we were not responsible for the violation.
Note that we may be required to release EU Data in response to requests from public authorities, including to meet national security and law enforcement requirements.
Complaints? If you’re based in the EU, you can always file a complaint with the supervisory authority in your Member State. For example, if you’re based in the UK, you can file a complaint with the Information Commissioner’s Office.
Additional Clauses for Australian Users
If you would like to access or correct the Personal Information which we hold about you, or you have a question or complaint about our use of your Personal Information please contact us at firstname.lastname@example.org. When contacting us please provide as much detail as possible in relation to your question, comment or complaint.
We will take any privacy complaint seriously and any complaint will be assessed with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need. If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner.
Data Protection Officer
Our Data Protection Officer can be reached at email@example.com.