Updated: 2022-09-26
Mercuri International – Privacy & Cookie Policy
Mercuri International Group AB (Mercuri) are very grateful that you want to participate in our privacy and cookies policy.
In this policy, we want to inform you about the type, scope and purpose of collecting personal information when you are in contact with Mercuri. You should be confident that Mercuri take all reasonable measures to protect the personal information you may provide to Mercuri.
Mercuri International Group AB, with company registration number 556518-9700, Box 3044, 169 03 Solna, Sweden is the legal entity responsible for processing your personal data. If you have questions about our privacy and cookie policy, please contact us using the contact form on our website, or at gdpr@mercuri.net. We reserve the right to amend and update this privacy and cookie policy at any time and will give you notice of any material changes.
Processing of personal data
Personal data is any information relating to an identified or identifiable natural person, such as, name, address, phone number and email address. We are processing your personal data in accordance with the Swedish Data Protection Act (SFS 2018:218) and the General Data Protection Regulation (EU/2016/679).
You must be over 18 years to provide personal data to us. If it comes to our attention that we process personal data of a person under the age of 18, we will act to remove the information as soon as possible.
How we collect personal data
The personal data that we process is mainly collected from you when you come into contact with us – e.g., via email, telephone or personal meetings, conferences, conventions or similar occasions. In addition, when you visit our website, we collect data using cookies. We may also collect your personal data from a third party, usually from the company you represent or is employed at.
Please note that when using our site, there are features that allow you to post information that may be considered personal data. You may only provide information about other persons if you have their consent to provide us with their information.
What personal data do we process and why?
We at Mercuri process your personal data for several purposes. To be transparent about our processing, we have specified the processing of personal data below.
A. Information collected by us when you visit our website
Purpose for processing | Categories of personal data |
We process personal data in order to maintain and improve the website’s functionality and user experience, to discover and handle errors, breaches and incidents, to collect statistical data and analyze the web traffic on our website. | – IP-address – Other technical information (e.g., collected through cookies) generated through visits on our website, such as the type of technical device that you have used, web browser, visited pages as well as the time of the visits (browser information, time zone at the place from which you visited our website and other web traffic information) |
Legal basis: Legitimate interest: Mercuri has a legitimate interest to collect information to maintain and improve the functionality, content, and security of our website. Collection of information by use of non-essential cookies is carried out based on your consent. For more information on what cookies we use, please see our section about cookies. |
Retention period: We collect and store information on how visitors interact with our website for no longer than three (3) years. In most cases, the collected data is aggregated and turned into anonymized or highly pseudonymized data. |
How we share and transfer your data: Mercuri shares the personal data with the following external parties: Google Analytics, Hotjar, Facebook, Tawk.to, our web agency, our suppliers of hosting services and website behavior analytics tools. Mercuri will not transfer your personal data to a country outside the European Union (“EU”)/European Economic Area (“EEA”). However, we use suppliers belonging to company groups headquartered in the United States and which therefore may, e.g., for technical support purposes, grant remote access to personal data stored within the EU/EEA. |
B. Use of third-party cookies for marketing purposes
Purpose for processing | Categories of personal data |
In order to market our products and services to you, we use third-party marketing cookies. Third-party cookies are used to track the behaviour of users on the website. | – IP-address – Other technical information (e.g., collected through cookies) generated through visits on our website, such as the type of technical device that you have used, web browser, visited pages as well as the time of the visits (browser information, time zone at the place from which you visited our website and other web traffic information) |
Legal basis: Legitimate interest: Mercuri has a legitimate interest to market our products and services to existing and potential customers. |
Retention period: We will keep your personal data for up to two (2) years from the last time you interacted with our website. In most cases, the collected data is aggregated and turned into anonymized or highly pseudonymized data. |
How we share and transfer your data: Mercuri shares the personal data with the following external parties: Google Analytics, Hotjar, Facebook, Tawk.to, our web agency, suppliers of hosting services and website behavior analytics tools. Mercuri will not transfer your personal data to a country outside the European Union (“EU”)/European Economic Area (“EEA”). However, we use suppliers belonging to company groups headquartered in the United States and which therefore may, e.g., for technical support purposes, grant remote access to personal data stored within the EU/EEA. |
C. When you fill out a contact form on our website
Purpose for processing | Categories of personal data |
On our website there are several contact forms that you as a visitor can fill in either to contact us and/or to receive marketing material. For the purpose to process your requests and/or to provide requested services/information we process the personal data you have provided to us. | – Name – Email address – Telephone number – Any additional personal data provided in the field “message” – Technical information to remember the data you have provided to us if you click the “remember me” box – If you click the box “subscribe to our newsletters” personal data will be processed to send you newsletters |
Legal basis: Legitimate interest: Mercuri has a legitimate interest to communicate with you, to handle a request from you, and to market our products and services to existing and potential customers. |
Retention period: We will keep your personal data for up to three (3) years from the last time of interaction unless you inform us that you do not wish to be contacted by us. |
How we share and transfer your data: Mercuri shares the personal data with the following external parties: our web agency, supplier of hosting services, provider of our CRM system and website behaviour analytics tools. Mercuri will not transfer your personal data to a country outside the European Union (“EU”)/European Economic Area (“EEA”). However, we use suppliers belonging to company groups headquartered in the United States and which therefore may, e.g., for technical support purposes, grant remote access to personal data stored within the EU/EEA. |
D. When we have a business relationship with you or the business you represent
Purpose for processing | Categories of personal data |
Contact and communication with you for the purposes of creating, maintaining and developing our business relationship with you or the company you represent. This includes, among other things, communication via email regarding our business, services and current activities. | – Name – Contact details such as email address, telephone number, lo-cation and business address – Professional title and information regarding the company you represent – Any additional personal data provided by you in communications with Mercuri |
Legal basis: Performance of a contract: Mercuri processes the person data to conclude and perform a contract with you or the company that you represent. If you are acting on behalf of someone else e.g., in the capacity of representative of a customer, partner or supplier to us, our processing is carried out based on our legitimate interest to conclude and fulfill the agreement with the company you represent. |
Retention period: We process and store your personal data for as long as we have a business relationship with you or the company you represent, and thereafter we process and store your personal data three (3) years after the last time we were in contact in our business relationship. |
How we share and transfer your data: Mercuri shares the personal data with the following external parties: supplier of our CRM system. Mercuri will not transfer your personal data to a country outside the European Union (“EU”)/European Economic Area (“EEA”). However, we use suppliers belonging to company groups headquartered in the United States and which therefore may, e.g., for technical support purposes, grant remote access to personal data stored within the EU/EEA. |
E. When you access our Mercuri LMS or the Mercuri sales enablement platform
Purpose for processing | Categories of personal data |
Mercuri will collect relevant personal data to enable users of the LMS or the sales enablement platform to access the platform and their personal learning programs, to enable personal communication with the user and to enable content suggestions based on previous actions on the platform. | – Name – Contact details such as email address, telephone number, location and business address – Actions, behaviors & results within the platform – Email correspondence – IP-address, and personal settings within your browser – Assessments, tests, assignments, personal feedback given by the learner on the platform – Visits, time spent on the platform, selected paths and other types of behavior and actions – Any additional personal data provided by you in the platform |
Legal basis: Legitimate interest: Mercuri has a legitimate interest to process personal data in order for you to use the LMS and our sales enablement platform and to enable the provision of the LMS platform to our customers. |
Retention period: We will keep your personal data for up to three (3) years from the last time of interaction. Analyses and tests are saved until the education is completed, up to one (1) year. |
How we share and transfer your data: Mercuri shares the personal data with the following external parties: our web agency, our suppliers of hosting services, website behavior analytics tools, CRM system, as well as providers of data center services. In addition, Ariadne Digital s.r.l. and Ariadne eLearning s.r.l are the developers of the Mercuri sales enablement platforms customizations and configurations based on the Moodle platform. These vendors maintain the application and manages the infrastructure needed for a safe platform; hence they may access data in order to analyses and resolve software issues or if required for data analysis. Amazon Web Services Inc, a cloud computing and hosting provider is used to store and backup the data a user generates by using the service securely. Mercuri may transfer your personal information from the Mercuri sales enablement platform to countries outside the EU/EEA area in order to process your transactions or to satisfy global reporting requirements as Mercuri may be required to provide personal data to Mercuri Units in other countries. |
F. Research, Studies & Surveys
Purpose for processing | Categories of personal data |
For the purpose of performing research, studies and surveys we will process your personal data. | – Name – Contact details (email address and telephone number). – Information on what company you represent and your job title. – Information you provide in Mercuri research studies and surveys – Any additional personal data provided by you in the contact form sent to Mercuri |
Legal basis: Legitimate interest. Mercuri has a legitimate interest in improving its services and products by analyzing its business ventures, costumer segments and surveys from costumers and users. |
Retention period: Retention period: We will keep your personal data for up to 3 years from the time of collection. |
How we share and transfer your data: Mercuri shares the personal data with the following external parties: our web agency, suppliers of hosting services, website behavior analytics tool, CRM system. Mercuri will not transfer your personal data to a country outside the European Union (“EU”)/European Economic Area (“EEA”). However, we use suppliers belonging to company groups headquartered in the United States and which therefore may, e.g., for technical support purposes, grant remote access to personal data stored within the EU/EEA. |
G. Marketing Communication, Sales & Marketing activities
Purpose for processing | Categories of personal data |
For marketing our products and services, we will process personal data about you if you in the past or in communication with us have shown interest in our products and services or if we through a third party have gained information that you might be interested in our products or services. | – Name – Contact details (email address and telephone number) – Information on what company you represent and your job title – Any additional personal data provided by you in the contact form sent to Mercuri |
Legal basis: Legitimate interest: Mercuri has a legitimate interest to market our products and services to existing and potential customers. |
Retention period: We will keep your personal data for up to three (3) years from the last time of interaction unless you inform us that you do not wish to be contacted by us. |
How we share and transfer your data: Mercuri shares the personal data with the following external parties: our web agency and supplier of our CRM system. Mercuri will not transfer your personal data to a country outside the European Union (“EU”)/European Economic Area (“EEA”). However, we use suppliers belonging to company groups headquartered in the United States and which therefore may, e.g., for technical support purposes, grant remote access to personal data stored within the EU/EEA. |
Transfers of personal data
We always require that our suppliers and companies that we cooperate with ensure that any transfers of personal data to countries outside the EU/EEA are performed in accordance with all applicable legal requirements including, where required, enter into an agreement with their suppliers based on the EU Commission’s standard contractual clauses. Here, you can find the standard contract clauses applicable to transfers of personal data to a recipient outside of the EU/EEA.
The personal data you register with Mercuri is never sold to third parties for commercial purposes.
Your rights
In this section we describe your rights as a data subject. The data protection authority in Sweden is IMY (Integritetsskyddsmyndigheten), If you believe that our processing is performed in breach of applicable data protection legislation, we encourage you to contact us in order for us to over-see your complaints. You may at any time also file a complaint with the supervisory authority.
Please note that not all rights listed below are absolute and there are exemptions which can be valid. If you want to exercise your rights, please contact us using our contact form on our website, or at gdpr@mercuri.net.Your rights are the following:
Right of access: You have the right upon request to get a copy of your personal data which we process and to get complementary information regarding our processing of your personal data.
Right of rectification: You have the right to have your personal data rectified and/or complemented if they are wrong and/or incomplete.
Right to erasure: You have the right to request that we erase your personal data without undue delay in the following circumstances: (i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing; (iii) you object to our processing of personal data, and we do not have any overriding legitimate grounds for the processing; (iv) the processed personal data is unlawfully processed; or (v) the processed personal data has to be erased for compliance with legal obligations.
Right to restriction: You have the right to restrict the processing of your personal data in the following circumstances: (i) you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data; (ii) the processing is unlawful, and you oppose erasure of the personal data and request restriction instead; (iii) the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defense of legal claims; or (iv) you have objected to the processing of the personal data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.
Right to data portability: If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.
Right to object: You have the general right to object to our processing of your personal data when it is based on our legitimate interest. If you object and we believe that we may still process your personal data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
Right to object to direct marketing: You have the right to at any time object to processing which is done for the purpose of direct marketing. If you object to such processing, we will no longer process your data for such purposes.
Right to withdraw consent: When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that the lawfulness of any processing based on your consent before its withdrawal is not affected by the withdrawal.
What are cookies and how do they work?
Mercuri uses cookies for www.mercuri.net and associated domains and applications (like the Mercuri sales enablement platform). A cookie is a small data file with text stored in your browser which enables us or third parties to identify you. Cookies can be used for the following purposes:
- allow certain functions;
- provide statistics;
- save your choices and
- enable advertising and interest-based marketing.
Cookies can be of two types, session cookies or permanent cookies.
- A session cookie automatically disappears when you close your browser.
- A permanent cookie remains for a certain amount of time or until you delete your cookies.
The expiration date is stored in the cookie itself; some may cease to work after a few minutes, while others may end after several years.
Cookies placed by the webpage you visit are sometimes called first-party cookies, while cookies by other companies are called third-party cookies.
Strictly necessary cookies are placed when you use our services and visit our website. Functional- and advertising cookies are optional and only placed if you have provided your consent to them.
If you do not want any cookies or certain types of cookies, you have the ability via our cookie consent manager to accept or decline various types of non-essential cookies. You can also change the settings in your browser to delete saved cookies and block new ones. See your browser’s help pages for more information about approaches. However, note that deleting or blocking cookies may prevent you from using all the features on our site, such as to save your choices, and it may also cause some pages to not display properly. Below you’ll find links with information on how you can manage cookies in your web browser:
Our use of third-party cookies
Mercuri uses Google Analytics to analyze how the site is used. Google Analytics generates statistics and other information about how the site is used by saving cookies on the user’s computer. The information generated for our site is used to create reports about the use of the site. Google saves and uses this information. Google’s Cookie Policy is available here.
Mercuri uses a service from Hotjar is used to understand user behavior on our website. Hotjar’s Cookie Policy is available here.
Mercuri uses third party cookies by Facebook for purposes of marketing our brand, products and services. Facebook’s Cookie Policy is available here.
To optimize the chat function, we use third party cookie by Tawk.to. Tawk.to’s Cookie Policy is available here.
In order to host virtual events, Vimeo places cookies to remember user history. Vimeo’s Cookie Policy is available here.
Our sales enablement platform is hosted by Moodle LMS, third party cookies are placed to remember user log-in. Moodle’s Cookie Policy is available here.
The cookies on our sales enablement platform and websites
Name | Provider | Purpose | Expiry |
MoodleSession | Moodle | To provide continuity and to remain logged in when browsing the Mercuri sales enablement platform. | Session |
MOODLEID | Moodle | To remember the username and password for returning users. | 2 months |
SAPISID | .google.com | The SAPISID cookie is used by Google to store user preferences and information when viewing pages with Google hosted content, such as YouTube or Google Maps | 2 years |
APISID | .google.com | The APISID cookie is used by Google to store user preferences and information when viewing pages with Google hosted content, such as YouTube or Google Maps. The SSID cookie is used by Google to store user preferences and information when viewing pages with Google hosted content, such as YouTube or Google Maps. | 2 years |
SSID | .google.com | This cookie stores the preferences and other information of the user. These include, in particular, the preferred language, the number of search results to be displayed on the page, and the decision whether or not to activate Google’s SafeSearch filter | 2 years |
__Secure-3PSID | .google.com | Builds a profile of website visitor interests to show relevant and personalized ads through retargeting. | 2 years |
SID | .google.com | Security cookie to confirm visitor authenticity, prevent fraudulent use of login data and protect visitor data from unauthorized access. | 2 years |
HSID | .google.com | Security cookie to confirm visitor authenticity, prevent fraudulent use of login data and protect user data from unauthorized access. | 2 years |
__Secure-3PAPISID | .google.com | Builds a profile of website visitor interests to show relevant and personalized ads through retargeting. | 2 years |
__Secure-3PSIDCC | .google.com | Builds a profile of website visitor interests to show relevant and personalized ads through retargeting. | 2 years |
SIDCC | .google.com | Security cookie to confirm visitor authenticity, prevent fraudulent use of login data and protect visitor data from unauthorized access. | 2 years |
__Secure-3PAPISID | .google.com | Builds a profile of website visitor interests to show relevant and personalized ads through retargeting. | 2 years |
SAPISID | .google.com | Google collects visitor information for videos hosted by YouTube. | 2 years |
SSID | .google.com | Google collects visitor information for videos hosted by YouTube on maps integrated with Google Maps. | Persistent |
__Secure-3PSID | .google.com | Builds a profile of website visitor interests to show relevant and personalized ads through retargeting. | 2 years |
SID | .google.com | Security cookie to confirm visitor authenticity, prevent fraudulent use of login data and protect visitor data from unauthorized access. | 2 years |
HSID | .google.com | Security cookie to confirm visitor authenticity, prevent fraudulent use of login data and protect user data from unauthorized access. | 2 years |
IDE | .doubleclick.net | These cookies set by a third party (DoubleClick) and are used for serving targeted advertisements that are relevant to you across the web. | 1.5 years |
fr | .facebook.com | Builds a profile of website visitor interests to show relevant and personalized ads through retargeting. | 3 months |
DSID | .doubleclick.net | These cookies set by a third party (DoubleClick) and are used for serving targeted advertisements that are relevant to you across the web. | 1.5 years |
xs | .facebook.com | Builds a profile of website visitor interests to show relevant and personalized ads through retargeting. | 3 months |
dpr | .facebook.com | Performance tracking on how Facebook products load for different users. | 7 days |
wd | .facebook.com | Performance tracking on how Facebook products load for different users. | 7 days |
RUL | .doubleclick.net | Used by DoubleClick to determine whether website advertisement has been properly displayed – This is done to make their marketing efforts more efficient. | 1 year |
c_user | .facebook.com | A cookie to verify accounts and determine when users are logged in so Facebook can make it easier to access the Facebook Products and show the appropriate experience and features. | 1 year |
presence | .facebook.com | The presence cookie is used to contain the user’s Facebook chat state. | Session |
sb | .facebook.com | this cookie is used to store device browsing information | 2 years |
datr | .facebook.com | Builds a profile of website visitor interests to show relevant and personalized ads through retargeting. | 2 years |
AID | .google.com | This cookie is used to coordinate consistent ad target for the same profile over multiple devices | 1 week |
__cfduid | .tawk.to | Used by the content network Cloudflare to identify trusted web traffic. | 1 year |
SEARCH_SAMESITE | .google.com | Cookie sameSite set to Strict restricts cross site sharing entirely while none allows 3rd party cookies to be used on other sites | 2 years |
vuid | .vimeo.com | This cookie is used to store the user’s usage history | 2 years |
spin | .facebook.com | Builds a profile of website visitor interests to show relevant and personalized ads through retargeting. | 1 day and 1 hour |
NID | .google.com | contains a unique ID Google uses to remember your preferences and other information, such as your preferred language | 6 months |
wp-settings-time-{UID} | mercuri.net | The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. | 1 year |
1P_JAR | .gstatic.com | Set by Google. This group sets a unique ID to remember your preferences and other information such as website statistics and track conversion rates. | 1 month |
_fbp | .facebook.com | When the Facebook pixel is installed on a website, and the pixel uses first-party cookies, the pixel automatically saves a unique identifier to an _fbp cookie for the website domain if one does not already exist. | 3 months |
_hjAbsoluteSession-InProgress | Hotjar Ltd | Statistics to store unique visits | Session |
_gid | .google.com | Anonymous usage statistics | 1 day |
_ga | .google.com | Google Analytics uses this cookie to anonymously distinguish users | 2 years |
_hjIncludedInPage-viewSample | Hotjar Ltd | This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site’s pageview limit. | 30 minutes |
TawkConnection-Time | Twak.to | Allows the website to recognize the visitor, in order to optimize the chat-box functionality. | Session |
_dc_gtm | .google.com | Used to throttle request rate | 1 minute |
_gat | .google.com | Used to throttle request rate | 1 minute |
_gcl_au | .google.com | Used to take information in advert clicks and store it in a 1st party cookie so that conversions can be attributed outside of the landing page | 3 months |
_hjFirstSeen | Hotjar Ltd | This is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions. | Session |
_hjid | Hotjar Ltd | Set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | 365 days |