GDPR: Mergo's Data Processing, and International Data Transfers
We'll discuss where Mergo's data are stored, how our data processing complies with GDPR, and its International Data Transfer clause.
In this article
Legitimacy of our data processing operations
The physical storage of Mergo data and processing is protected under Data Processing and Security Terms of Google Cloud Platform.
Mergo is GDPR and HIPAA-compliant as we don't store or transfer any personal data. That is because your data (campaign sheet or mailing list) is stored in your Google Sheets and is never saved in our database.
Info: Mergo's Data Processing Agreement (DPA) is incorporated by reference to the Terms of Service that you (or your domain admin) accepted when you started using our Mergo add-on.
Does Mergo execute international transfer of personal data?
Note: No, we never process international data transfer in any way. Neither do we use in-house script nor perform file transfers.
We will never transfer, sell, make copies, or share any of your data stored by Mergo to third-party services or companies.
Can I exercise my right to data portability?
As detailed in our article DATA STORAGE: What data are stored by Mergo and how is it used?, we don't store any of your customers’ data (campaign sheet record or mailing list). As such, we are not obliged to any data portability requests.
Which Data Transfer mechanisms does Mergo rely on: Standard Clauses or Privacy Shield?
This means that our users can take comfort that their EEA personal data continues to be protected to European standards in compliance with applicable data protection laws including GDPR.