Privacy Policy

1. Introduction

Welcome to Mercacio.
This Privacy Policy outlines how Mercacio Group SL ("Mercacio," "we," "us," or "our") collects, uses, discloses, and safeguards personal information when you access or use our website mercacio.com, any of our subdomains, associated web and mobile applications, and any services we offer (collectively, the “Service”).
We are committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the Spanish Organic Law on Data Protection and Digital Rights (LOPDGDD), and other international privacy standards.

2. Information We Collect

We collect personal data through direct interactions, third-party integrations, and automated technologies. The types of information include:

2.1 Information You Provide Directly

• Identity Information: First name, last name
• Contact Information: Email address, phone number (optional), address, country
• Financial Information: Bank details for withdrawals or remittance (only when needed)
• Verification Information: KYC documentation (if required for regulated services)
• Account Credentials: Password or OAuth login token

2.2 Information from Third-Party Logins

• If you register or log in using Google OAuth:
• We access your Google-verified email address
• Your display name (if provided in your Google profile)
• No other Google account data is accessed
• OAuth is used solely for streamlined login and account creation

2.3 Automatically Collected Data

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, features used, session duration
• Referral Data: Origin site, campaign tags (e.g., UTM tracking)
• Affiliate Tracking Data: Cookies and internal IDs for referral attribution

2.4 Cookies and Tracking Technologies

We use first- and third-party cookies and similar technologies for:

• Ensuring core platform functionality
• Remembering user sessions and preferences
• Monitoring affiliate referrals and campaign performance
• Gathering analytics via tools like Google Analytics
• Retargeting and marketing via platforms like Google Ads

You can manage cookie preferences through your browser settings or platform banner. Our cookie use is categorized as:

• Essential: Necessary for service operation
• Analytics: For understanding user behavior
• Marketing: For advertising and promotional purposes

A detailed cookie policy is available at [link to cookie policy].

3. How We Use Your Information

• Account Creation & Authentication
• Service Delivery & Fulfillment
• Customer Support & Notifications
• Payment Processing via Stripe
• KYC/AML Compliance (if applicable)
• Marketing & Promotional Outreach (with consent)
• User Research & Analytics
• Fraud Prevention & Legal Compliance

All uses of your data are based on at least one legal basis under GDPR: consent, contractual necessity, legal obligation, or legitimate interest. Consent management and withdrawal options are provided on our platform.

4. Sharing and Disclosure of Data

We do not sell your personal data. However, we share your data with:

4.1 Trusted Third Parties

• Payment Processors: Stripe for secure financial transactions
• Cloud Hosting Providers: For website and service infrastructure
• Analytics Tools: Google Analytics for usage insights
• Marketing Services: Email providers, ad platforms (Google Ads)
• Logistics Partners: For order fulfillment and delivery

4.2 Legal and Regulatory Disclosures

• To comply with legal obligations (e.g., court orders, tax audits)
• To respond to lawful government requests
• To defend our rights, users, or third parties
• In connection with fraud prevention, investigations, or risk management

4.3 Business Transactions

If we undergo a merger, acquisition, or asset sale, your personal data may be transferred to the acquiring entity under the same privacy terms.

5. Data Storage and Security

• Hosting: Our primary infrastructure is located in Frankfurt, Germany (EU)
• Security Practices: We use TLS encryption, access controls, secure APIs, firewalls, and data anonymization/pseudonymization where appropriate.
• Access Controls: Only authorized personnel may access personal data
• Retention Periods: We retain personal data only as long as necessary for the stated purpose or legal obligation. Approximate retention periods per data category are detailed in our data retention schedule [link if applicable].

6. Your Data Protection Rights (GDPR)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion (“right to be forgotten”)
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Request data in a machine-readable format
• Right to Object: Object to data processing for legitimate interests or marketing
• Right to Withdraw Consent: Revoke previously given consent at any time

You can exercise your rights by contacting our Data Protection Officer (contact@mercacio.com) or using account tools when available. Request forms and processes are available on our website at [link if applicable].

7. International Data Transfers

Though we primarily operate in Europe, some data may be processed by third-party providers outside the European Economic Area (EEA). We ensure appropriate safeguards such as:

• Standard Contractual Clauses (SCCs)
• Adequacy Decisions by the European Commission
• Binding Corporate Rules or other legal mechanisms

8. Marketing and Communications

• We will only send marketing content if you have explicitly opted in. You can:
• Opt out via the “Unsubscribe” link in our emails
• Manage preferences in your account dashboard
• Request full removal from marketing databases
• Transactional or legally required communications will still be sent.

9. Children’s Privacy

Our Service is not designed for individuals under the age of 16. We do not knowingly collect or process data from minors. If you believe a child has provided us personal data, please contact us immediately at contact@mercacio.com for removal.

10. Google OAuth Integration

• We access only your email address and name (if available). OAuth tokens are stored securely and used for authentication only.
• No additional Google data (e.g., contacts, calendar, drive) is accessed.
• You may revoke access via your Google account’s app permissions panel.

11. Updates to This Policy

• We may periodically update this Privacy Policy to reflect:
• Changes in our services
• New legal requirements
• Updates in third-party services we use

Changes will be communicated via:

• Updates to this page
• Email notices for material changes
• Pop-ups or banners within the platform, if required

Please review this Policy periodically.

12. Contact Information

• Privacy Email: contact@mercacio.com
• Mailing Address: Mercacio Group SL, Calle Bobadilla, Número 24, Avda Chipiona, Cádiz, Spain

13. Data Protection Officer (DPO)

Mercacio Group SL has appointed a Data Protection Officer (DPO) to oversee data protection compliance and to act as a point of contact for privacy matters.
You can contact the DPO at:

• Email: contact@mercacio.com
• Mailing Address: Mercacio Group SL, Calle Bobadilla, Número 24, Avda Chipiona, Cádiz, Spain

The DPO supports the company in monitoring compliance with GDPR and other data protection laws, handling inquiries regarding your privacy rights, and assisting with data protection impact assessments, if applicable.