Privacy Policy
Last updated: January 15, 2025
1. Who we are
Merkiz UAB ('Merkiz', 'we', 'us') operates the Merkiz B2B e-commerce platform. We are registered in Lithuania (company number 305742811) with registered address at Gedimino pr. 44, Vilnius, Lithuania. We act as the data controller for personal data collected through our website and platform, and as a data processor for personal data that our customers collect through their Merkiz-powered stores.
2. What data we collect
We collect the following categories of personal data: account information (name, email address, company name, billing address), usage data (pages visited, features used, login timestamps), payment information (handled by our payment processor - we store only the last 4 digits of card numbers and billing address), support communications (emails and chat messages you send us), and analytics data (browser type, device, IP address - anonymized after 90 days).
3. How we use your data
We use your personal data to provide and improve the Merkiz platform, process payments, send transactional emails (invoices, alerts, account notifications), respond to support requests, send product updates and newsletters (with your consent), comply with legal obligations, and enforce our Terms of Service.
4. Legal basis for processing
We process your data under the following legal bases under GDPR: Contract performance (to provide the service you signed up for), Legitimate interests (to improve the platform, prevent fraud, and ensure security), Legal obligations (to comply with accounting, tax, and regulatory requirements), and Consent (for marketing communications - you can withdraw consent at any time).
5. Data sharing and transfers
We share personal data with: our infrastructure providers (AWS, hosted in EU-West regions), payment processors (Stripe - EU data), email service providers (restricted access, data processing agreements in place), and analytics tools (anonymized data only). We do not sell your personal data. We do not share it with third parties for their own marketing purposes. If we transfer data outside the EU, we use Standard Contractual Clauses approved by the European Commission.
6. Data retention
We retain your account data for the duration of your subscription plus 90 days after cancellation (to allow for account reinstatement). Financial records are retained for 7 years as required by Lithuanian accounting law. Support communications are retained for 2 years. Analytics data is anonymized after 90 days.
7. Your rights under GDPR
As a data subject under GDPR, you have the right to: access a copy of your personal data, correct inaccurate data, request deletion of your data (right to erasure), restrict processing of your data, portability of your data in a machine-readable format, object to processing based on legitimate interests, and withdraw consent at any time (for consent-based processing). To exercise any of these rights, email us at privacy@merkiz.com. We respond within 30 days.
8. Cookies
We use essential cookies (required for the platform to function), preference cookies (to remember your language and display settings), and analytics cookies (to understand how our platform is used - using anonymized data). You can control non-essential cookies via our cookie preference center. We do not use third-party advertising cookies.
9. Security
We implement appropriate technical and organizational measures to protect your data: TLS 1.3 encryption in transit, AES-256 encryption at rest, SOC 2 Type II certified infrastructure, regular penetration testing, access controls and audit logs, and a responsible disclosure program for security researchers.
10. Contact and complaints
For privacy questions or to exercise your rights, contact our Data Protection Officer at privacy@merkiz.com or by post at: Merkiz UAB, Gedimino pr. 44, LT-01110 Vilnius, Lithuania. If you believe we have not handled your data correctly, you have the right to lodge a complaint with the State Data Protection Inspectorate (Lithuania) or the supervisory authority in your EU member state.
Questions? privacy@merkiz.com