1. Data protection

Your privacy and trust are important to us. This Statement explains how Merger Mind (“we”, “us” or “our”) collect, handle, store and protect personal information about you in the context of our services. It also provides information about your rights and about how you can contact us if you have questions about how we handle your information.

Merger Mind provides information solutions for professionals and this Privacy Statement applies to individuals who use any website, application, including mobile application (“app”), product, software or service of ours that hyperlinks to this Statement (we call these our “Services”). It does not apply to your activities on the websites of social networks or other providers that you can reach via the links on our websites. Please check the websites of these providers for their data protection regulations.

Controller within the meaning of the General Data Protection Regulation (“GDPR”) is:

       Merger Mind UG (haftungsbeschränkt)
       Flottwellstraße 20
       10785 Berlin
       Germany
       E-Mail: [email protected]

2. Collection and processing of your personal data

1. When you visit our website, we store certain information about the browser and operating system you use, the date and time of your visit, the access status (e.g. whether you were able to access a website or received an error message), the use of website functions, the search terms you may have entered, the frequency with which you access individual websites, the designation of files accessed, the amount of data transferred, the website from which you accessed our websites and the website which you visit from our websites, either by clicking on links on our websites or by entering a domain directly in the input field of the same tab (or the same window) of your browser in which you opened our websites.
2. We only store other personal data if you provide this data, e.g. as part of a registration, a contact form, a survey or for the execution of a contract, and even in these cases only insofar as this is permitted to us on the basis of a consent given by you or in accordance with the applicable legal provisions (further information on this can be found below in the section "Legal basis of processing").
3. You are not legally or contractually obliged to make available your personal data. However, it is possible that certain functions of our websites depend on the availability of personal data. If you do not make available personal data in these cases, this may result in functions not being available or only being available to a limited extent.

3. Purposes of use

1. We use the personal data collected when you visit our website in order to operate it in the most convenient manner for your use and to protect our IT systems from attacks and other illegal activities.
2. If you provide us with further personal data, e.g. within the scope of a registration, a contact form, a survey or for the execution of a contract, we use this data for the purposes mentioned, for the purposes of customer administration and – if necessary – for the purposes of processing and accounting of any business transactions, in each case to the extent required for this.

4. Analysis of usage data; use of analysis tools

1. We would like to tailor the content of our websites as precisely as possible to your interests and needs and in this way improve our offer for you. In order to identify usage preferences and particularly popular areas of the websites, we use the following analysis tools: Google Analytics, Mixpanel and Cloudfare.
2. When using these analysis tools, data may be transferred to servers located in the USA and processed there. Please note the following: In the USA, the European Union considers that there is no "adequate level of protection" for the processing of personal data in accordance with EU standards. However, this level of protection can be replaced for individual companies by certification according to the so-called "EU-U.S. Privacy Shield". Google as well as Mixpanel have signed up to the EU-US Privacy Shield.
3. Below you will find information on the providers of the analysis tools we use and the respective opt-out options:

1. 1. Google Inc. (“Google“):
      1. We use Google Analytics, a web analysis service provided by Google Inc., for the purpose of tailoring our pages to meet your needs and continuously optimising them. (About Google) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google"). In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this website such as   
         
         
         • Browser type/version,
         • operating system used,
         • Referrer URL (the previously visited page),
         • Host name of the accessing computer (IP address),
         • Time of the server request,
         are transferred to a Google server in the USA and stored there. This information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for market research purposes and to tailor these internet pages to meet requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an allocation is not possible (IP masking).
      2. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.
      3. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (Google add-on).
      4. As an alternative to the browser add-on, in particular for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie is set to prevent your information from being collected in the future when you visit this website. The opt-out cookie applies only to this browser and only to our website and is placed on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.
      5. Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help.
   2. YouTube, LLC (“YouTube”)
      
      Our website uses plugins from the Google-powered YouTube page. Site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our YouTube plug-in-enabled sites, you will be connected to the servers of YouTube. It tells the YouTube server which of our pages you've visited. If you're logged into your YouTube account, YouTube will allow you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. For more information about how to handle user data, please refer to the YouTube Privacy Policy at https://www.google.com/intl/en/policies/privacy.
   3. Mixpanel Inc. (“Mixpanel”)
      1. We use Mixpanel to help analyse how users use our websites. The tool uses “cookies” to collect standard Internet log information and visitor behaviour information.
      2. The following information is transmitted to Mixpanel:
         • · location data, such as: country, region and city, obtained by converting the IP address;
         • · device info, such as: device ID, device model and type, name and version of device operation system, device settings and language settings;
         • · identifiers and results of operations performed;
         • · Application version.
      3. Data transmitted to Mixpanel is not additionally stored or transferred to other services or resources.
      4. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity for us. You can find more information about Mixpanel’s privacy policy here: https://mixpanel.com/privacy/.
      5. You may choose to opt out of the Mixpanel cookie at any time. This information can be found at: https://mixpanel.com/optout/. 
      6. Further, analytical data transfer to Mixpanel can be disabled in the browser settings. Mixpanel toggles tracking according to "Do Not Track" (DNT) settings in web browsers. If the DNT setting is set, then Mixpanel will not collect information from that Mixpanel instance.
      7. DNT settings apply to a particular browser instance - moving to a different browser that does not have DNT configured may cause data to be collected.
      8. For more information about privacy settings, please access on Mixpanel privacy policy:
         • · https://mixpanel.com/legal/privacy-policy;
         • · https://help.mixpanel.com/hc/en-us/sections/115001299023-Data-Security-and-Privacy;
         • · https://help.mixpanel.com/hc/en-us/articles/360000345423-GDPR-Compliance.
      9. Mixpanel Inc. is certified under the Privacy Shield and hereby guarantees compliance with European privacy laws:
         • · https://www.privacyshield.gov/participant?id=a2zt0000000TOacAAG&status=Active.
   4. Cloudflare, Inc (“Cloudfare”)
      1. This website uses Cloudfare to make the website quicker and safer. The provider is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. Cloudflare offers web optimisation and security services designed to improve and protect websites. These include a reverse proxy, a pass-through security service, and a content distribution network.
      2. Cloudfare collects information about the website visitors. Such data include the IP addresses, system configuration information, and other information to and from the website, which are derived from browsing activities. This information helps Cloudfare to detect new threats, identify malicious third parties, and to offer stable security protection for this website. Data may, under certain circumstances, be stored on Cloudflare’s servers in the USA.
      3. Cloudflare sets cookies to guarantee these functions. The data that will be collected and more information about which cookies are set, we kindly refer to the section on the Cloudfare website (https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies). The storage period is up to one year.
      4. Cloudflare is an active participant in the EU-U.S. Privacy Shield Framework. For more information, we kindly refer to https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0.
      5. For more information about data protection at Cloudflare, we kindly refer to https://www.cloudflare.com/de-de/privacypolicy/.

7. Drift, Inc. (“Drift”)

We use Drift, 222 Berkeley Street, 6th Floor, Boston, MA 02116, USA, to provide a website chat bot and to, e.g., allow you to interact with our team and to book a meeting with a sales representative. As part of your conversation with the chat bot, you may enter personal information such as your email address. This information is stored by Drift, and automatically transferred to us to enable us to interact with you or to enable the booking of your meeting and to notify a sales representative. If you have previously interacted with us some of your information may be shared with the Drift in order for us to present you with the most relevant options and to speed up the process of communication and arrangements of appointments.

Information on Drift’s privacy policy can be found at https://www.drift.com/privacy-policy/. Drift is a participant in the EU-U.S. Privacy Shield. For more information, we kindly refer to https://www.drift.com/privacy-policy/ section (“EU-US and Swiss-US Privacy Shield”) .

8. Stripe, Inc.

If you sign up for paid services directly with us, we obtain limited information about your payment card from our payment processor, such as the last four digits, the country of issuance and the expiration date. Currently, our payment processor is Stripe. Stripe uses and processes your complete payment information in accordance with Stripe’s privacy policy. 

Stripe’s services in Europe are provided by a Stripe affiliate - Stripe Payments Europe Limited (“Stripe Payments Europe”) - an entity located in Ireland. In providing Stripe Services, Stripe Payments Europe transfers personal data to Stripe, Inc. in the US. The legal basis for processing: necessary to perform a contract (Article 6(1)(b) of the General Data Protection Regulation). The reason why this is necessary to perform a contract is to fulfil your contractual obligation to pay for the services you have ordered from us.

Stripe Inc. has subscribed to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.

9. Cookies

We use cookies and similar software tools such as HTML5 Storage or Local Shared Objects (together "cookies") to identify your interests and particularly popular areas of our websites and use this information to improve the design of our websites and make them even more user-friendly. For the same purposes we use the analysis tools as described above; cookies may also be used here.

1. Functions and use of cookies
   1. Cookies are small files that are placed on your desktop, notebook or mobile device by a website you visit. From this we can, for example, recognize whether there has already been a connection between your device and our websites, or which language or other settings you prefer. Cookies may also contain personal data.
   2. By using our websites, you agree to the use of cookies.
      
      You can also visit our website without consenting to the use of cookies. This means that you can refuse such use and delete cookies at any time by making the appropriate settings on your device. This is done as follows:
      1. Most browsers are pre-set to automatically accept cookies. You can change this setting by activating the setting “do not accept cookies” in your browser.
      2. You can delete existing cookies at any time. You can find out how this works in detail in the instructions of your browser or device manufacturer.
      3.  For information on deactivating Local Shared Objects, see the following link: https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html.
      4. Like the use of cookies, their rejection or deletion is also linked to the device used and also to the browser used in each case. You must therefore reject or delete the cookies separately for each of your devices and, if you use several browsers, also for each browser.
   3. If you decide against the use of cookies, it is possible that not all functions of our websites are available to you or that individual functions are only available to you to a limited extent.

10. Security

We use technical and organisational security measures to protect your data managed by us against manipulation, loss, destruction and against access by unauthorised persons. We are constantly improving our security measures in line with technological developments.

11. Legal bases of processing

1. Insofar as you have given us your consent for the processing of your personal data, that consent is the legal basis for the processing (Art. 6 para. 1 letter a GDPR).
2. For the processing of personal data for the purposes of initiating or fulfilling a contract with you, Art. 6 para. 1 letter b GDPR is the legal basis.
3. Insofar as the processing of your personal data is necessary for the fulfilment of our legal obligations (e.g. for the retention of data), we are authorized to do so pursuant to Art. 6 para. 1 letter c GDPR.
4. In addition, we process personal data for the purposes of safeguarding our legitimate interests and the legitimate interests of third parties pursuant to Art. 6 para. 1 letter f GDPR. Maintaining the functionality of our IT systems, marketing our own products and services as well as documenting business contacts as required by law are such legitimate interests. As part of the consideration of interests required in each case, we take into account various aspects, in particular the type of personal information, the purpose of processing, the circumstances of processing and your interest in the confidentiality of your personal information.

12. Deletion of your personal data

We delete your personal data as soon as the purpose for which we have collected and processed the data ceases to apply. Beyond this time period, data storage only takes place to the extent made necessary by the legislation, regulations or other legal provisions to which we are subject in the EU or by legal provisions in third-party countries if these have an appropriate level of data protection. Should it not be possible to delete data in individual cases, the relevant personal data are flagged to restrict their further processing.

13. Rights of the data subject

1. As a data subject, you have the right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR) and right to data portability (Art. 20 GDPR).
2. If you have consented to the processing of your personal data by us, you have the right to revoke your consent at any time. The legality of processing your personal data before revocation remains unaffected. We may further process such data pursuant to another applicable legal basis, e.g. for the fulfilment of our legal obligations (cf. section "Legal bases of processing").
3. Right to object
   
   You have the right to object at any time to the processing of your personal data pursuant to Art. 6 para. 1 letter e GDPR (data processing in the public interest) or Art. 6 para. 1 letter f GDPR (data processing on the basis of a balance of interests) on grounds relating to your particular situation. If you object, we will only process your personal data if we can prove compelling legitimate reasons that outweigh your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
4. We ask you to address your claims or declarations to the following contact address if possible:
          [email protected]
5. If you believe that the processing of your personal data violates legal requirements, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).