Mercury Logo - Full version with bubbles and lettering "Mercury.ai" Conversational AI Platform

Solutions

Platform

Resources

Company

Prices

Book a demo

Privacy Policy of Mercury.ai GmbH

Privacy Policy of Mercury.ai GmbH

We are very pleased about your interest in our company. Data protection is of particularly high importance to the management of Mercury.ai GmbH. In principle, using the websites of Mercury.ai GmbH is possible without providing any personal data. However, if a data subject wishes to use special services of our company via our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, company, email address, or telephone number of a data subject, always takes place in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Mercury.ai GmbH. By means of this privacy policy, our company wishes to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights by this privacy policy.

As the controller, Mercury.ai GmbH has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, such as by telephone.

Legal Basis for Processing

  1. Mercury.ai GmbH (hereinafter referred to as the "Provider") offers a messaging service for interactions between businesses ("Businesses") and end users ("You" or "End Users") (hereinafter referred to as the "Services") in connection with messenger platforms and/or other digital communication platforms ("Platforms").

  2. This document refers only to personal data transmitted to the Provider in the course of providing services. For all contractual relationships and data protection issues between the End User and the Platform, reference is made to the privacy policy of the respective Platform. Use of their services is subject to their own terms of use and privacy policies. For all contractual relationships and data protection issues between the End User and the Business using the Provider's services, reference is made to the privacy policy of the respective Business. Use of their services is subject to their own terms of use and privacy policies.

  3. The Provider does not offer services to end users under the age of 13. If the Provider discovers that an end user is under 13 years old, the Provider will cease providing the services.

  4. The Provider claims no ownership rights in the End User's content. The End User must have the necessary rights to the information and content they submit and have the right to grant the Provider the following rights and licenses. By submitting information and content through the Services, the End User hereby grants the Provider the non-exclusive, worldwide, royalty-free, sublicensable right to use, modify, transmit, store, archive, display, and publish the content for the purpose of providing the Services.

  5. All rights that may arise from metadata, models, and qualitative and quantitative analyses of the information and content sent via the Services (collectively "Metadata") reside or remain unconditionally with the Provider. Metadata includes, but is not limited to, information about how the End User uses the Services, log files, diagnostic, crash, and performance logs and reports, and the time the End User last used the Services. Metadata is anonymized in such a way that the Provider cannot assign the data to a specific End User.

  6. The parties are obliged to comply with applicable data protection laws. The End User agrees that personal data required for the provision of the Services may be stored and processed. Once the End User deletes content or information that has been permanently provided via the Services, that content and information will also be deleted from the Provider's servers.

  7. The End User agrees that the Provider may collect and store information about how the End User uses the Services, as well as the End User's log files, diagnostic, crash, and performance logs and reports, information about the End User's device, hardware model, operating system, browser, truncated IP address, language settings, online status, results of semantic analysis, and the time the End User last used the Services. This information is anonymized by the Provider in such a way that the Provider cannot assign the data to a specific End User.

  8. The Provider uses the End User's data to provide and improve the Services, including providing customer support, troubleshooting, customization, evaluating the Services, and researching, developing, and testing new services and features. In addition, the Provider uses the data to fix errors, investigate suspicious activity or violations, and ensure that the Services are used lawfully. The Provider enables Businesses to use the Services for order, transaction, and appointment information, delivery and shipping notifications, product and service updates, and marketing.

  9. The End User can withdraw their consent by writing an email to the Provider at terms@mercury.ai. If the withdrawal of such consent makes the provision of the Services impossible, the Provider has the right to terminate the Services.

  10. Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, when processing operations are necessary for the supply of goods or the provision of another service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the above-mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

Right of Access

Every data subject has the right granted by the European legislator to obtain from the controller, at any time, free information about their stored personal data and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

  • the purposes of the processing

  • the categories of personal data concerned

  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations - if possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period - the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing - the existence of the right to lodge a complaint with a supervisory authority - where the personal data are not collected from the data subject, any available information as to their source - the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and - at least in those cases - meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject. Furthermore, the data subject has the right to be informed whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer. If a data subject wishes to avail themselves of this right of access, they may, at any time, contact an employee of the controller.

Right to Erasure - Right to be Forgotten

Every data subject has the right granted by the European legislator to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller is obligated to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

  • The data subject withdraws consent on which the processing is based according to Article 6(1) lit. a of the GDPR, or Article 9(2) lit. a of the GDPR, and where there is no other legal ground for the processing. The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR. The personal data have been unlawfully processed. The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject. The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR. If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by Mercury.ai, they may, at any time, contact an employee of the controller. The employee of Mercury.ai will arrange for the erasure request to be complied with immediately. Where the controller has made the personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. An employee of Mercury.ai will arrange the necessary measures in individual cases.

Right to Object

Every data subject has the right granted by the European legislator to object, on grounds relating to their particular situation, at any time, to the processing of personal data concerning them which is based on Article 6(1) lit. e or f of the GDPR. This also applies to profiling based on these provisions.

Mercury.ai will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

If Mercury.ai processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to Mercury.ai processing for direct marketing purposes, Mercury.ai will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to their particular situation, to object to processing of personal data concerning them by Mercury.ai for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest. To exercise the right to object, the data subject may contact any employee of Mercury.ai. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use their right to object by automated means using technical specifications.

Routine Erasure and Blocking of Personal Data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

Right to restriction of processing Every data subject has the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies: The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data. The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use. The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims. The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

  • If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by Mercury.ai, they may at any time contact an employee of the controller. The employee of Mercury.ai will arrange the restriction of the processing.

Right to Data Portability

Every data subject has the right granted by the European legislator to receive the personal data concerning them, which was provided to a controller, in a structured, commonly used, and machine-readable format. They have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to Article 6(1) lit. a of the GDPR or Article 9(2) lit. a of the GDPR, or on a contract pursuant to Article 6(1) lit. b of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others. To assert the right to data portability, the data subject may at any time contact an employee of Mercury.ai.

Name and Address of the Controller

The controller for the purposes of the General Data Protection Regulation, other data protection laws applicable in Member States of the European Union, and other provisions related to data protection is:

Mercury.ai GmbH

Alfred-Bozi-Str. 18
33602 Bielefeld
Germany

Phone: +49 521 963 77654
Email: hi/at/mercury.ai
Website: https://mercury.ai

Name and Address of the Data Protection Officer

The Data Protection Officer of the controller is:

ARTANA Digital GmbH
Prof. Dr. Christian Rauda
Alstertwiete 3
20099 Hamburg
privacy@artana.law

Name and address of the data protection complaint authority in NRW: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Postfach 20 04 44, 40102 Düsseldorf, Phone: 0211/38424-0, Email: poststelle@ldi.nrw.de, Website: https://www.ldi.nrw.de/

Any data subject may, at any time, contact our Data Protection Officer or the data protection complaint authority directly with all questions and suggestions concerning data protection.

Cookies

The websites of Mercury.ai GmbH use cookies. Cookies are text files that are stored and saved on a computer system via an internet browser. Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This allows visited websites and servers to differentiate the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified using the unique cookie ID. Through the use of cookies, Mercury.ai GmbH can provide the users of this website with more user-friendly services that would not be possible without setting cookies.

By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. For example, the user of a website that uses cookies does not have to enter their access data each time they visit the website, because this is taken care of by the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping cart in an online shop. The online shop remembers the items that a customer has placed in the virtual shopping cart via a cookie.

The data subject can, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the internet browser used, and may thus permanently object to the setting of cookies. Furthermore, already set cookies may be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable.

Collection of General Data and Information

The website of Mercury.ai GmbH collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. The following may be collected:

  1. the browser types and versions used,

  2. the operating system used by the accessing system,

  3. the website from which an accessing system reaches our website (so-called referrers),

  4. the sub-websites,

  5. the date and time of access to the website,

  6. an Internet Protocol address (IP address),

  7. the internet service provider of the accessing system, and

  8. any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, Mercury.ai GmbH does not draw any conclusions about the data subject. Rather, this information is needed to:

  1. deliver the content of our website correctly,

  2. optimize the content of our website as well as its advertisement,

  3. ensure the long-term viability of our information technology systems and website technology, and

  4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

Therefore, Mercury.ai GmbH analyzes anonymously collected data and information statistically, with the aim of increasing data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Contact via the Website

Due to statutory regulations, the website of Mercury.ai GmbH contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes the provision of first name, last name, telephone number, company, and a general address of so-called electronic mail (email address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

Data protection for applications and in the application process: The controller collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by email or by means of a web form on the website to the controller. If the controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased two months after notification of the refusal decision, provided that no other legitimate interests of the controller oppose the erasure. Other legitimate interest in this relation is, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).

CloudFront Content Delivery Network

We use a Content Delivery Network (CDN) offered by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States. CloudFront is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law. A CDN is a service that helps to deliver content from our online offering, in particular large media files such as graphics or scripts, faster with the help of regionally distributed servers connected via the internet. User data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN. The use is based on our legitimate interests, i.e., interest in a secure and efficient provision, analysis, and optimization of our online offering pursuant to Art. 6(1) lit. f GDPR. For more information, please see the CloudFront privacy policy: https://aws.amazon.com/de/compliance/gdpr-center/

Data Protection Provisions on the Use and Application of Facebook, Instagram, and WhatsApp

We use META platforms, including Facebook, Instagram, and WhatsApp, to provide our services. This involves the collection and processing of certain personal data in compliance with the GDPR and META's privacy requirements. For more information about META's privacy practices, please refer to their privacy policy at https://www.facebook.com/about/privacy.

We collect and process the following types of personal data from META platforms:

Facebook and Instagram:

  • Account name: First and last name as displayed on Facebook and Instagram.

  • Timezone: To personalize interactions based on the user's local time.

WhatsApp:

  • Phone number: To facilitate communication and provide support.

  • Account name: The display name of the WhatsApp account.

How to Request the Deletion of Your Data

To request the deletion of your personal data, you can either use our chatbot or contact us via email. In the chatbot on Facebook, Instagram, or WhatsApp, you can enter the command "Delete my data" or a similar phrase, which will automatically initiate the data deletion process. Once the process is complete, you will receive a confirmation message. Alternatively, you can send an email with the subject line "Data Deletion Request" to hi/at/mercury.ai, providing your full name, the platform you used, and the corresponding account details for verification. We will acknowledge your request within five business days and complete the deletion within 14 days. Once your data is deleted, you will receive a confirmation email. If you do not receive this confirmation, you can contact us using the contact details provided.

What Data We Process

  • Account name (as displayed in your LinkedIn profile)

  • Public profile URL, job title, profile photo

  • Timezone and language settings for personalized communication

  • Interactions (e.g., comments, reactions, messages) on our profile

  • Technical information such as IP address, device/browser, timestamp of the profile visit

Data Protection Provisions on the Use of Google Workspace

We use Google Workspace, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), to provide email, calendar, storage, video conferencing, and collaboration services. When accessing or using these services, personal data (e.g., names, email addresses, communication content, device and log data) are transmitted to Google and processed there.

Data Protection Provisions on the Deployment and Use of HubSpot

HubSpot, Inc. ("HubSpot"), 25 First Street, Cambridge, MA 02141 USA, to implement marketing campaigns, manage customer and partner data, and for contact management measures. HubSpot has joined the Data Privacy Framework Program concluded between the European Union and the USA and is certified accordingly. Consequently, HubSpot has committed to complying with the standards and regulations of European Data Protection Law. Find more detailed information about the Data Privacy Framework Program and its validity. For more information about HubSpot's privacy policy, please visit: https://legal.hubspot.com/de/privacy-policy

Data Protection Provisions on the Deployment and Use of Website Visitor Tracking (Company Identification) and Re-Identification after Clicking on Email Links

If you consent in the cookie banner, we use Venta AI to process online identifiers (in particular IP address information) and website usage data (e.g., pages viewed, time, referrer) to identify the company/organization from which a visit originates and to generate evaluations at the company level.

Processed data: Online identifiers (in particular IP address, cookie ID, device and browser information), usage data (e.g., pages viewed, files accessed, date and time of access, duration of visit, frequency of visits, referrer URL), as well as information derived from this data regarding company/organizational affiliation (e.g., company name, industry, company headquarters).

If you receive an email from us and click a link, we can recognize the click and associate subsequent website activity with the respective contact. Links may contain an identifier for this purpose (e.g., tracking parameters). If cookies have been accepted, the association may persist across sessions until cookies are deleted or consent is withdrawn.

  • Purposes: Website optimization as well as B2B marketing/sales, success measurement of emails, and follow-up/support.

  • Legal basis: Consent (Art. 6(1) lit. a GDPR) and § 25(1) TDDDG. Opt-out via the cookie widget and, if available, the unsubscribe link in our emails, consent (Art. 6(1) lit. a GDPR) (plus ePrivacy rules where applicable). Opt-out via the cookie widget and, if available, the unsubscribe link in our emails.

  • Recipient: Venta AI (april.eleven GmbH, Am Kartoffelgarten 14, 81671 Munich)

Data Protection Provisions on the Deployment and Use of Google Analytics

Google Analytics is a web analytics service provided by Google LLC, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The service helps companies analyze user behavior, interaction, and traffic on their websites and applications. Google Analytics complies with the GDPR to ensure the privacy and security of user data: https://policies.google.com/privacy.

Deployment and Use of Google Tag Manager

Google Tag Manager is a tag management system provided by Google LLC, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The service allows companies to manage and deploy tracking codes and marketing tags on their websites and applications without having to modify code. Google Tag Manager adheres to the guidelines of the GDPR to ensure privacy and security: https://policies.google.com/privacy.

Data Protection Provisions on the Deployment and Use of LinkedIn

LinkedIn is a platform for professional networking owned by Microsoft Corporation. The platform's headquarters is located at 1000 W Maude Ave, Sunnyvale, CA 94085, USA. LinkedIn allows users to connect with other professionals worldwide, share content, and discover job opportunities. LinkedIn is committed to maintaining privacy and protecting user data in accordance with the requirements of the GDPR: https://www.linkedin.com/legal/privacy-policy.

Data Protection Provisions on the Deployment and Use of Google Fonts

Our website uses Google Fonts, a service provided by Google, to ensure a consistent and visually appealing presentation of text. When you access a page of our website, your browser may request font files from Google's servers, which could result in your IP address and other technical information being collected. For more information on how Google handles data, please refer to Google's privacy policy at https://developers.google.com/fonts/faq/privacy, https://policies.google.com/privacy

Data Protection Provisions on the Use and Application of WhatsApp

WhatsApp is a cross-platform messaging and Voice-over-IP (VoIP) service owned by Facebook Inc. The company's headquarters is located at 1601 Willow Rd, Menlo Park, CA 94025, USA. With WhatsApp, users can send text messages, voice messages, photos, and videos, as well as make voice and video calls. WhatsApp is committed to complying with the GDPR and ensuring the privacy and security of user data: https://www.whatsapp.com/legal/privacy-policy

Live in Bielefeld · 10. Juni

KI im Mittelstand

Das kompakte Event für Entscheider:innen. 3 Perspektiven, 20 Plätze.

Details & Anmeldung