LAST REVISED September 9, 2024

This Privacy Notice (“Notice”) describes how Barney Inc. and their affiliated and subsidiary companies (collectively, “Merge” “we” or “us”), collect, use and store personal information related to:

  • the use of the gomerge.com website ("website")
  • individuals who communicate with us
  • individuals who use our products and services ("Services").

This Notice is intended to describe our overall privacy and data security practices. In the event that this Notice does not cover a data processing activity, we may provide an additional notice related to that activity prior to collecting personal information from you.

This Notice also covers data which may be available to customers through the use of our Services or data we may receive when we act as a data processor to our customers. Our websites may also contain links to other websites (such as through an advertisement, service, or content link), which is governed by the privacy notice of the third-party operator of that website. Merge is not responsible for the content of those third-party websites. We encourage you to look for and review the privacy notices and statements of each and every website that you visit through a link or advertisement on gomerge.com.

“Personal information” as used in this privacy notice shall mean any information that identifies, relates to, describes, or is reasonably capable of being associated or linked, directly or indirectly, to an individual. Personal information shall include similar terms under applicable privacy laws, such as “personal data” and “personal information.”

INFORMATION WE COLLECT

Information we collect directly from you
We collect the information you provide directly to us, such as when you inquire about our Services, enter into an agreement with us, or otherwise interact with us on the internet, through text messages, on the phone, and in person. The types of personal data we may collect directly from you include:

Basic Identifying Information
Including your name, email address, company information, job title, phone number, and social media handles.

Device Information and Other Unique Identifiers
Including device identifier, internet protocol (IP) address, cookies, beacons, pixel tags, mobile ad identifier, or similar unique identifiers.

Internet or Other Network Activity
Including browsing or search history and information regarding your interactions with our websites, mobile applications, emails, or advertisements.

Geolocation Data
Including information that permits us to determine your location, such as if you manually provide location information or enable your mobile device to send us precise location information.

Payment Information
Including ACH, credit, or debit card numbers.

Commercial Information
Including Services you have purchased, transaction history, and related information regarding your interaction with our Services.

User Content
Including your communications with us and any other content you provide (such as survey responses, comments, reviews, testimonials, and other content).

Audio Information
Including recordings of your voice (such as when we record customer service calls for quality assurance).

Inferences
Inferences drawn from or created based on any of the information identified above.

Job Applicant Information
Including professional or employment-related information (such as education and employment history) and any other information you provide in connection with applying and interviewing for employment with us. If we retain you as an employee or contractor, this may include, among other things, your Social Security number or taxpayer ID. We use a third party to operate our job listing and application process and we encourage you to also review the Notice of such third party.

Sensitive Personal Information
Social security numbers, driver’s license numbers, passport numbers, precise geolocation data, and racial or ethnic origin information. Please note: some types of personal information are subject to a heightened level of protection under data privacy laws. These types of personal information are called “sensitive personal information” and include social security numbers, driver’s license numbers, passport numbers, precise geolocation data, and racial or ethnic origin information. To the extent we collect, receive, or process sensitive personal information, we apply security measures designed to protect such information. We collect or receive certain sensitive personal information from job applicants and employees, which is addressed in a separate notice.

Information about you through your use of our Services
We may collect information about you and your use of the Services, when you:

  • Use or express interest in using our Services
  • Correspond with our Service team

Information we collect by automated means
When you visit our websites online, we collect certain information automatically. To collect this information, we may use cookies, web beacons, log files, and similar technologies. A “cookie” is a text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “log file” tracks your actions on websites and may collect Information related to your device, browser, internet service provider, and the time of your activity. A “web beacon,” also known as a pixel tag or clear GIF, is used to transmit information back to a web server. We may also collect information about your online activities over time and across third-party websites. The information we collect automatically may include:

  • URLs that refer visitors to our websites;
  • Search terms used to reach our websites;
  • Details about the devices that are used to access our websites (such as IP address, browser information, location information, device information, and operating system information);
  • Details about your interaction with our websites (such as the date, time, length of stay, and specific pages accessed during your visits to our websites, and which emails you may have opened); and
  • Usage information (such as the number and frequency of visitors to our websites).

We rely on first-party cookies to record a visitor’s on-site activity. We also rely on third-party cookies to understand a visitor’s off-site activity, such as activity on other domains you own.

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website, Services, or Platform. They include, for example, cookies that enable you to log into secure areas of our Platform.
  • Performance cookies. These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our website.
  • Functionality cookies. These cookies enable the website to provide enhanced functionality and personalization.
  • Targeting cookies. These cookies are used to make advertising messages more relevant to you.

Information we collect as a Service Provider or Processor
Some of our Services require us to process data that has been uploaded, stored, and shared via our customer’s clients. We do not review or analyze the content of the data. However, such data may contain personal data which we process pursuant to our customer’s instructions. We do not control such data; rather we handle this type of data as a data processor only. Merge processes such data as governed by written agreements in place with its customers and to the extent necessary to comply with applicable laws. As a result, Merge’s customers are responsible for obtaining and providing all appropriate notifications and consents when they collect personal data. Personal data that is transferred to us by our customer to be processed shall be deemed to have been collected with appropriate notifications and consents. We assume no responsibility for obtaining or validating that appropriate consent has been obtained or notifications provided with respect to data provided by our customers.

HOW WE USE YOUR INFORMATION
We may use the information we collect based on legal basis and legitimate interest principles such as to verify your identity, to deliver Services, to register and maintain your account and our interactions with you, and to analyze, provide, maintain, and improve our Services. We also use the information we collect to:

  • Communicate with you about our Services;
  • Respond to your requests, inquiries, comments, and suggestions;
  • Facilitate your engagement with the Services and fulfill our obligations to you under our agreements;
  • Deliver relevant and personalized marketing, advertising, and promotional materials to you;
  • Conduct auditing, reporting, governance, and related internal operations in connection with our business including fulfilling our financial, tax, and accounting obligations, such as audits, assessments, privacy, security, and financial controls, accounting, record keeping, and legal functions, any actual or contemplated merger, acquisition, asset sale or transfer, financing, or restructuring of all or part of our business;
  • Comply with legal obligations;
  • Process payment for Services; and
  • Protect against, defend, identify, investigate, and respond to fraud or other illegal activity.

Where we rely on our legitimate interest, we will balance that against our applicable legal obligations to you. We will not collect additional categories of personal data or use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you notice. If we request your consent to use your personal data, you have the right to withdraw your consent any time in the manner indicated when we requested the consent or by contacting us. If you have consented to receive marketing communications from our third-party partners, you may withdraw your consent by contacting those partners directly.

HOW WE SHARE YOUR INFORMATION
We may share the information we collect:

  • With service providers and vendors that provide services for us or on our behalf;
  • With select partners, service providers, and vendors in connection with the provision of our Services;
  • To comply with a legal or regulatory obligation, protect and defend Merge's rights or property, protect the safety of our customers and the public, and protect against legal liability;
  • In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by a third party;
  • Between and among Merge's current and future parents, subsidiaries, affiliates, and other companies under common control and ownership; and
  • With your consent and at your direction.

YOUR RIGHTS AND CHOICES

Restricting cookies
Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our websites and Services.

CHILDREN
Our Services are not designed for children and we do not knowingly collect personal data from children. If you have reason to believe that a child has provided personal data to us, please contact us at hello@gomerge.com and we will delete that information from our databases.

DATA TRANSFERS
Merge is headquartered in the United States, and we currently only have operations and entities in the United States. If you provide information to us from another country, we may transfer your personal data to, or store or access it in, a jurisdiction that may not provide equivalent levels of data protection as your home jurisdiction. We will take commercially reasonable steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it.

LINKS TO OTHER WEBSITES AND THIRD PARTY CONTENT
We may provide links to third-party websites, services, and applications that are not operated or controlled by Merge. This Notice does not apply to third-party services, and we cannot take responsibility for the content, privacy policies, or practices of third-party services. We encourage you to review the privacy policies of any third-party service before providing any information to or through them.

DATA RETENTION
Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the data was collected, and any other permissible, related purpose.

DATA SECURITY
We will maintain, monitor, and enforce reasonable organizational, administrative, technical, and physical safeguards to protect the security and confidentiality of your personal data from loss, misuse, unauthorized access or disclosure. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction, and they are subject to a duty of confidentiality.

CHANGES TO OUR NOTICE
We may change this Notice from time to time. If we do so, we will post the updated notice on our sites and will indicate when the Notice was last revised. If we make any material changes, we will provide you with additional notice. You should periodically review our current Notice to stay informed of our personal data practices.

CALIFORNIA PRIVACY RIGHTS
California law requires us to disclose the following additional information with respect to our privacy practices. If you are a California resident, this section applies to you in addition to the rest of the Notice.

California Shine the Light
Customers who are residents of California may request information concerning the categories of personal information (if any) we disclose to third parties or affiliates for their direct marketing purposes. If you would like more information, please submit a written request to us at hello@gomerge.com.

Categories of Personal Information We Collect and Our Purposes for Collection and Use
You can find a list of the categories of personal information that we collect and the sources of such information in the “Information We Collect” section above. We collect and use personal information for the business or commercial purposes described in the “How We Use Your Information” section above.

Categories of Personal Information Disclosed and Categories of Recipients
We disclose the following categories of personal information for business or commercial purposes to the categories of recipients listed below:

  • We disclose Basic Identifying Information with businesses, service providers, and third parties, such as advertising networks, analytics providers, and social media networks.
  • We disclose Device Information and Other Unique Identifiers with businesses, service providers, and third parties, such as advertising networks, analytics providers, and social media networks.
  • We disclose Internet or Other Network Activity with businesses, service providers, and third parties, such as advertising networks, analytics providers, and social media networks.
  • We disclose Geolocation Data with businesses, service providers, and third parties, such as advertising networks, analytics providers, and social media networks.
  • We disclose Payment Information with businesses and service providers who process payments.
  • We disclose Commercial Information with businesses, service providers, and third parties, such as advertising networks, analytics providers, and social media networks.

For more information on how your information is disclosed, please see the “How We Share Your Information” section above, which provides more detail on our business partners, service providers and third parties. We may also need to disclose any of the above categories of information pursuant to legal process. As stated in the “Your Rights and Choices” section above, we typically retain your personal information for the period necessary to fulfill the purposes outlined in this Notice, unless a longer retention period is required or permitted by law.

Categories of Information “Sold”
We do not sell your personal data for a monetary fee; however, some U.S. privacy laws define a “sale” very broadly such that it may include our sharing of your personal data with certain third parties if we receive anything of value in return. In that regard, we share your personal data with certain third-party marketing and referral partners and in exchange we receive the ability to market or offer our products and services through their websites, applications, and services. This may be considered a “sale” under some laws.

The personal data that may be shared or sold in this context is: your name; email address; other contact information; and information obtained through cookies about, for example, your location, the website that directed you to our Services, how you navigate our sites, and what purchases you make.

Other than these third-party marketing partners, there are no other third parties to which we will sell your personal data.

Do-Not-Track Features
Many web browsers and some mobile operating systems and mobile applications include a “do-not-track” feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing do-not-track signals has been finalized and, as such, we do not currently respond to do not track browser signals or any other mechanism that automatically communicates your choice not to be tracked online. We will update this Notice if that changes in the future.

Do-Not-Track Features
Many web browsers and some mobile operating systems and mobile applications include a “do-not-track” feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing do-not-track signals has been finalized and, as such, we do not currently respond to do not track browser signals or any other mechanism that automatically communicates your choice not to be tracked online. We will update this Notice if that changes in the future.

Additional Privacy Rights

Right to Information. Subject to certain limits, and depending on your location of residency, you may ask us to provide the following information:

  • The categories of personal information we collected about you;
  • The categories of sources from which the personal information was collected;
  • The business or commercial purpose for collecting the personal information;
  • The categories of third parties with whom we shared the personal information;
  • The specific pieces of personal information we collected about you; and
  • Whether your personal information was sold or shared (“shared” in this context means sharing for the specific purpose of cross-context behavioral advertising) and, if so, the categories of personal information that was sold or shared, the categories of third parties to which your personal information was sold or shared, and the business purpose for the sale or sharing.

Right to Delete.You also have the right to ask us to delete any personal information that we have collected about you, subject to certain limitations. We may deny your deletion request if the information is necessary for us or our service providers to, among other things, provide Services you requested, take actions reasonably anticipated in the context of our business relationship with you, perform a contract we have with you, detect and protect against security incidents or illegal activity, comply with a legal obligation, or exercise a right provided for by law.

Right to Opt Out of Sale or Sharing.Certain states and countries provide residents with the right to opt out of the sale of personal information. If you are a resident of a state that provides such right, you have the right to opt out of the sale of your personal information. You may exercise this right by submitting a request as described in the “Submission of Requests” section below.

Right to Nondiscrimination.We do not discriminate against persons who exercise any of their rights described in our Notice.

Additional Rights.Depending on the territorial jurisdiction in which you are a resident of, in certain circumstances you may have certain rights regarding your personal data including:

  • Right to withdraw consent in cases where consent is relied upon;
  • Right to obtain access to or a copy of, correct and erase your personal data;
  • Right to lodge a complaint;
  • Right to object to any automated processing of personal data;
  • Right to restrict, or object to, how we use your personal data;
  • Right to move or provide some of your personal data to other companies;
  • Right to ask us to stop using your personal data;
  • Right to ask why we are using your personal data, what personal data we are using, with whom we are sharing, the period for which it is retained, the source of the personal data where it was not provided by you, and the transfers of the personal data to countries outside the EAA, Switzerland, and the United Kingdom.

In certain circumstances we may not be able to do this or may not be required to do this. If you would like to exercise, or discuss, any of these rights, please see the Submission of Requests section below.

Submission of Requests. You may submit a request regarding your personal information by:
Emailing us at hello@gomerge.com – please provide your name, telephone number, and type of request (that is, a request for categories of information, a request for specific pieces of information, a request to delete, or a request to opt out the sale of your information).

What We May Need from You. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to someone who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Verifying Your Identity: To protect your privacy and security, we will take reasonable steps to verify your identity before providing your personal information and before deleting your information. Only you or someone legally authorized to act on your behalf may make a verifiable request related to your personal information. For example, if you make a request, we will ask you to confirm your name, email address, and/or other information we in our records to verify your identity, so that we can help protect your information.

Requests from Authorized Agents: You may designate an authorized agent to make a request for you. If you designate an authorized agent to make a request on your behalf, we may require you to verify your identity and provide the authorized agent’s identity and contact information to us.

Responses to Requests. We will confirm receipt of your request within 10 business days of receipt and generally will respond to your request within 45 days of receipt. If we need more time to respond, we will inform you of the reason and we may take up to an additional 45 days to respond.

No Fee Usually Required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

CONTACTING MERGE
If you have questions or concerns regarding this Notice, please contact us at hello@gomerge.com.