MercuryGate Privacy Policy
This Policy is effective as of 14 February 2023.
This Policy applies to any products or services offered by MercuryGate; including our website, any platforms, or mobile applications we may offer (collectively, the “Services”). MercuryGate customers may be required to obtain consent for the collection of Personal Data (as defined below) for carrier management and driver/carrier compliance processes.
Information We Collect or Receive
We collect or receive the following types of personal information (i.e., information that might individually identify a specific person) for our business when we have an appropriate basis:
Information You Voluntarily Choose To Provide
Contact information (e.g., name, business phone number, business email address, billing address, etc.), that customers and potential customers give to us so we can contact them with information about our products and services, and so we can provide these products and services when contracted to do so.
Information Collected When You Use Our Website
We are the sole owners of the information collected on this website (the “Site”). We collect information you voluntarily give us via email or from other direct contact from you. We will not sell or rent this information to anyone.
We will use your information to respond to you regarding the reason you contacted us.
Unless you ask us not to, we may contact you via email in the future to tell you about new products or services or changes to this Policy.
We receive personal information from Site visitors who submit information directly, such as when they inquire about our services, register to use Site features or receive information, or register for webinars and other events. Such information typically includes name, title, address, phone number, fax number, and e-mail address. If you apply for a job in response to one (1) of the career opportunities on our Site, you will be submitting information to our service provider’s website subject to their privacy policy.
MercuryGate may also collect or receive information about how individuals access this Site. This information may include internet protocol (IP) addresses (or the DNS name associated with it) of the individual's device, the web sites the user visited immediately prior to and upon exiting this Site, and the browser software the individual is using to access this Site. This information is used in to administer our systems and this Site, and to make improvements to and protect this Site.
MercuryGate may use cookies and other technologies on this Site to enhance or improve user experience, including customization of content. A cookie is usually text data a website transfers to the individual's browser from a web server that is stored on the individual's device. Cookies can be utilized to help us provide you with information targeted to your interests, based upon your prior browsing on this Site.
Information Collected When You Use Our Products
With a MercuryGate account, you can sign in to MercuryGate products/services, as well as those of select MercuryGate partners. Personal information associated with your MercuryGate account includes credentials, device and usage data, name and contact information, information about your interactions with MercuryGate, and partner products.
To enable personalization and consistent experiences across products and devices for your MercuryGate accounts, we track and use visitor and account data. Visitor data includes name, email, role, permissions, business title, location, IP address, first login date, and visitor actions (e.g., saw a webinar, received an email, downloaded a whitepaper, etc.). Account data includes account name, location, industry, size, assigned contacts, and activity (e.g., reports downloaded, data exports, feature usage).
Information Related To Drivers
MercuryGate, operating as a transportation manager, may receive very limited personal information related to drivers. MercuryGate processes that data in the performance of services for and under the direction of our customers. We process this personal information to fulfill our contractual obligations to our customers and premised on the same legal basis they identified to you—such as your consent or fulfilling a contract with you. Personally identifiable information (PII) is only used for MercuryGate Fleet customer’s carrier management and driver/carrier compliance qualification processes.
Personal data collected from individual drivers may include the following: name, address, phone number, email address, social security numbers, driver license numbers, passport numbers, VISA numbers, and green card numbers.
PII is not stored in any transactional data, enabling the data to be amended or deleted without impact to transactions.
How We Use And Share Information
With respect to the personal information MercuryGate collects from you, MercuryGate acts as the controller of your personal information. In this capacity, we only collect, use, share, store, or otherwise process your personal information when we have an appropriate basis. For example, we may process your personal information as necessary to provide the services you request, or to enforce or fulfill our obligations under our terms of use that apply to your engagement. Additionally, your personal information may be used for legitimate interests (e.g., providing and improving the products and services, communicating with you, and improving the user-experiences) if doing so is consistent with your rights and appropriate to the context, and to comply with legal obligations. We will retain your personal information so long as reasonably necessary to fulfill these purposes.
MercuryGate also processes personal information under the direction of our customers. In those instances, such as when we provide driver management services, MercuryGate acts as a processor of the personal information of our customer, the data controller.
MercuryGate may share personal information with service providers, affiliatesWe will share personal information in the event we sell or transfer all or a portion of our business assets, such as during a merger, acquisition, liquidation, or bankruptcy.
In limited cases, we may share information with other parties if appropriate to respond to your request or inquiry. We also may share personal information if we have a good faith belief doing so is necessary to comply with law, respond to a legitimate request from law enforcement or other government body, to protect our interests or the health and safety of others, or to enforce our terms of use for this Site and/or our products and services.
Your Choices
You may visit and browse this Site without providing any personal information, and you can always choose not to provide us with the personal information we request. However, choosing not to provide us with certain information we request may prevent you from accessing or using certain portions of this Site.
If you would like to manage cookies used by this Site, the "help" section of the toolbar on most browsers will inform you on how to prevent your browser from accepting new cookies, how to have the browser notify you upon the receipt of a new cookie, or how to disable the use of cookies completely. However, if you configure your browser to decline cookies, certain features of this Site may not function correctly, and you may be required to re-enter any user IDs and passwords more frequently.
You may opt out of any future contacts from us at any time by contacting us through one (1) of the methods listed at the bottom of this Policy.
In addition, you can use the contact information at the bottom of this Policy to do the following at any time:
- See what data we have about you, if any.
- Change/correct any data we have about you.
- Express any concern you have about our use of your data.
- Have us delete any data we have about you.
When MercuryGate acts as a controller, MercuryGate offers individuals the opportunity to choose (opt out) whether Personal Data is: (i) to be disclosed to a non-agent third party, or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. Individuals will be provided with clear, conspicuous, and readily available mechanisms to exercise their choice.
Additional Rights Available To EEA Residents
If you reside in a European Economic Area (“EEA”) member state and the United Kingdom, and/or Switzerland, and MercuryGate acts as a controller of your personal information, you have the right to request access to your personal information. You also have the right to request that we correct, amend, or delete your personal information. Your request to exercise these rights may be denied under certain circumstances, such as where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question, or where the rights of persons other than the individual would be violated. You also may object to the processing of your personal information or request we restrict processing of your personal information.
When MercuryGate is a processor and not a controller, it will take reasonable steps to help the appropriate controller respond and will act on the reasonable direction of its controller customers with respect to access, erasure, rectification, or restricted processing.
You also may have the right to request we transfer your personal information to you or to another controller identified by you. Please note that in cases where your personal information pertains to a clinical trial or similarly confidential study, we may not be able to adhere to your request, but we will work with you and the applicable controller to address your request as fully as possible.
To exercise your rights under this Section, please send your request as described in the “How to Contact Us” Section below. You also have the right to lodge a complaint about our processing of your personal information with your local data protection supervisory authority.
Additional Rights Available To California Residents
If you are a resident of the State of California, you are entitled under California law, including the California Consumer Privacy Act of 2018 (“CCPA”), to certain additional information about, and additional rights with respect to, our collection and disclosure of your personal information. This Section provides additional information and describes those additional rights. This Section applies solely to Site visitors and customers who reside in the State of California and to personal information as defined under CCPA.
Sales And Disclosures Of Personal Information For A Business Purpose
We may disclose your personal information to a third party for a business purpose or sell your personal information, subject to your right to opt-out of those sales.
In the preceding twelve (12) months, we have not sold personal information.
You have the right to direct us to not sell your personal information at any time (the right to “opt-out”). If you opt-in to personal information sales, you may opt-out of future sales at any time.
To exercise your rights under this Section, you (or your authorized representative) should send your request as described in the “How to Contact Us” Section below.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales.
You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
Other Rights And Choices Regarding Your Personal Information Under CCPA
You have the right to request we disclose certain information to you about our collection, use, and sharing of your personal information over the past twelve (12) months, including (a) the categories of personal information we collected about you; (b) the categories of sources for the personal information we collected about you; (c) our business or commercial purpose for collecting or selling that personal information; (d) the categories of third parties with whom we share that personal information; (e) the specific pieces of personal information we collected about you (also called a data portability request); and (f) if we sold or disclosed your personal information for a business purpose, two (2) separate lists disclosing (i) sales, identifying the personal information categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
You also have the right to request we delete any of your personal information we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us through one (1) of the methods in the “How to Contact Us” Section below.
Only you, or a person registered with the California Secretary of State you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
We will endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will to the extent technically feasible select a format to provide your personal information that is readily useable and should allow you to transmit the information to another entity without hindrance.
We will not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You have the right not to be discriminated against for exercising any of your CCPA rights. However, to the extent permitted by the CCPA, we may offer you certain financial incentives for the collection or sharing or your personal information that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
How We Protect Personal Information
We take precautions to protect your personal information, including applying reasonable and appropriate administrative, physical, and technical safeguards designed to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved and the nature of the personal information.
EU-US Data Privacy Framework (EU-US DPF), The UK Extension To The EU-US DPF, And The Swiss-US Data Privacy Framework (Swiss-US DPF) Certification
This Policy describes how MercuryGate processes Personal Data received from the European Union (EU), the UK (including Gibraltar), and/or Switzerland in compliance with the Data Privacy Framework Principles, EU-U.S. DPF, the UK Extension to the EU-US DPF and the Swiss-U.S. DPF. These principles were designed in collaboration with the European Commission, the United Kingdom, and Swiss Administration to provide adequate protections for the transfer of personal data from the European Union (EU) and the United Kingdom and/or Switzerland to the United States and are in accordance with the requirements of the EU General Data Protection Regulation (GDPR). Personal Data may include data relating to customers, drivers, business partners, and other services provided by MercuryGate.
Scope
MercuryGate complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. MercuryGate has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. MercuryGate has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
.MercuryGate acknowledges it is subject to the jurisdiction of the Federal Trade Commission for compliance and enforcement of the Data Privacy Frameworks.
The Data Privacy Frameworks protect the fundamental rights of anyone in the European Union (EU) and the United Kingdom (including Gibraltar) and/or Switzerland whose personal data is transferred to the United States for commercial purposes and brings legal clarity for businesses relying on transatlantic data transfers.
Notice
When MercuryGate acts as a controller and is the recipient of Personal Data, it shall provide the appropriate notice in clear and conspicuous language when individuals are first asked to provide Personal Data to MercuryGate, including identification of our legal bases for processing your Personal Data, or as soon thereafter as is practicable. In addition, when MercuryGate is a controller it will seek consent prior to using Personal Data for any purpose incompatible with that for which it was originally collected or processed.
Data Integrity And Purpose And Retention Limitations
MercuryGate will only collect and process Personal Data in a way that is consistent with, and relevant for, the purpose of processing for which it was collected or authorized by the individual. MercuryGate may use Personal Data for compatible processing purposes, such as those that reasonably serve customer relations, compliance and legal considerations, auditing, security and fraud prevention, preserving or defending MercuryGate’s legal rights, or other purposes consistent with the expectations of a reasonable person given the context of the collection.
MercuryGate will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. MercuryGate will take reasonable steps to ensure Personal Data is reliable for its intended use, accurate, complete, and current. MercuryGate will adhere to the Principles for as long as the Personal Data is retained.
Where we act on behalf of our customers, MercuryGate retains Personal Data until our engagement with our customers ends or they direct us to dispose of or return the data. Where we are a controller, we will process Personal Data only so long as is necessary to fulfill the purposes for which it is processed.
Recourse, Enforcement And Liability
In compliance with the Principles, MercuryGate commits to resolve complaints about our collection or use of your Personal Data. European Union (EU) and the United Kingdom and/or Swiss individuals with inquiries or complaints regarding MercuryGate’s Data Privacy Framework Privacy Policy should first contact MercuryGate directly. MercuryGate will respond to issues and complaints within forty-five (45) days of receipt. MercuryGate encourages interested persons to raise any concerns about the collection, use, or processing of Personal Data using the contact information provided. In the event of a privacy related issue or complaint, MercuryGate will investigate and attempt to promptly resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles.
MercuryGate has further committed to refer unresolved privacy complaints under the Data Privacy Framework program to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.
HUMAN RESOURCES COMPLAINTS
For complaints that cannot be resolved, MercuryGate commits to cooperate with the panel established by the EU data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable, and comply with the advice given by the panel or Commissioner about human resources transferred from the EU, the UK or Switzerland. In order to facilitate the handling of complaints, individuals in the EU can choose to contact their national DPA or use the form located at this link: http://ec.europa.eu/newsroom/document.cfm?doc_id=42962. Individuals in the United Kingdom can contact the UK Information Commissioner by visiting https://www.gov.uk/data-protection/make-a-complaint. Individuals in Switzerland can contact the Swiss Information Commissioner by visiting https://www.edoeb.admin.ch/kontakt/index.html?lang=en
This independent dispute resolution process is provided at no cost to the individual. Under certain conditions an individual may choose to invoke binding arbitration to resolve any residual complaints not resolved by MercuryGate, or the DPAs or FDPIC, as appropriate.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.
In the context of an onward transfer, MercuryGate has responsibility for the processing of Personal Data it receives under the Data Privacy Framework Principles and subsequently transfers to a third party acting as an agent on its behalf. MercuryGate shall remain liable under the Principles if its agent Processes such Personal Data in a manner inconsistent with the Principles, unless MercuryGate proves that it is not responsible for the event giving rise to the damage.
International Transfers
As part of our international operations, we may transfer personal information to any jurisdiction where we do business. When you use this Site or services, you acknowledge we may transfer information about you as described in this Policy.
We may transfer your personal information for any of the purposes identified in this Policy to our subsidiaries, affiliates (Cheetah Software Systems, LLC, Cleartrack Information Network, LLC, TranSolutions, LLC, and International Trade Systems, LLC), and service providers that may be based outside of the jurisdiction where you are located. The laws in those jurisdictions may not provide the same level of data protection compared to the laws in your country. However, we will treat your personal information as subject to the protections described in this Policy.
When we transfer personal information from an entity based in the EEA to entities within our organization, we rely on the EU-U.S. Privacy Shield program or the Swiss-U.S. Privacy Shield program, as applicable. If we transfer personal information from the EEA to another party located outside the EEA, we will rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses, binding corporate rules, Privacy Shield programs, or another framework deemed adequate by the European Commission.
When we transfer personal information from an entity based in the EEA to entities within our organization, we rely on the EU-U.S. Data Privacy Framework (EU-U.S. DPF)_program, the UK Extension to the EU-US DPF or the Swiss-U.S. Data Privacy Framework (Swiss-US DPF) program, as applicable. If we transfer personal information from the EEA to another party located outside the EEA, we will rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses, binding corporate rules, DPF programs, or another framework deemed adequate by the European Commission.
Updates To Our Privacy Policy
We will indicate at the top of this Policy when it was last updated. We encourage you to periodically review this page for the latest information on our privacy practices. When warranted, we will try to provide additional notice of specific changes to this Policy, either by attempting direct communication with you and/or by posting on this Site.
How To Contact Us
To contact MercuryGate with questions about this Policy, please use one of the contact methods below:
- Complete the contact form: https://university.mercurygate.com/contact-us/
- Call us: +1 (800) 816-1654
- Email us: privacy@MercuryGate.com
MercuryGate Cookies Policy
This Policy is effective as of 05 March 2021.
MercuryGate International, Inc. (“Us”, “We”, or “Our”) uses cookies on the website https://university.mercurygate.com (“the service”). By using the Service, you consent to the use of all, selected, or no cookies.
Our Cookies Policy explains what cookies are, how We use cookies, how third parties We may partner with may use cookies on the Service, your choices regarding cookies and further information about cookies.
What Are Cookies
A cookie is a small piece of text sent to your browser by a website you visit. It helps the website to remember information about your visit, like your preferred language, selected preferences, stored login information, and other settings. Each setting can make your next visit to the service easier and the site more useful to you. A cookie file is stored in your web browser and allows the Service or a third party to recognize you and make your next visit easier and the Service more useful to you.
Types Of Cookies
- Cookies can be classified as “persistent” or “session” based
- Cookies can be essential, meaning they are used to authenticate users and prevent fraudulent use of a user account
- Cookies can be third-party based, meaning used by a third party for tracking aggregate-based session information from traffic on the website for analytic purposes
How MercuryGate Uses Cookies
When you use and access the MercuryGate website, We may place cookie files within your web browser.
The purposes of adding cookie files to your browser are: to enable certain functions of the Service, to capture analytical information, to store your preferences, and to enable advertisements delivery, including behavioral advertising.
Third-Party Cookies
In addition to Our own cookies, We also use various third-party cookies to report usage statistics of the Service, deliver advertisements on and through the Service, and better tailor the website experience for the end user.
Do Not Track. MercuryGate International does not currently recognize if a browser sends a “do not track” signal or similar mechanism to indicate the user does not wish to be tracked or receive interest-based ads.
Web beacons. MercuryGate and third-party advertisers may use web beacons. Some MercuryGate websites contain web beacons in the form of clear .gif files, which are electronic images that allow for the collection of information about your interactions on Our sites. Web beacons may be used to place advertisements, to understand website traffic patterns and the number of visitors to Our website, and to measure the effectiveness of advertisements or email advertising messages.
Analytics. We and Our customers, their partners and agents, and other third parties may use third-party analytics such as Google Analytics or similar analytics services. For information on how Google processes and collects information and opt-out options, please see https://tools.google.com/dlpage/gaoptout.
What Are Your Choices Regarding Cookies
Upon arrival to the MercuryGate website you will have your option of cookie preferences. You will be presented with the opportunity to accept all cookies, select specific cookies to accept, or to not accept cookies at all. If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser for further instruction.
Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features We offer. You may not be able to store your preferences, and some of Our pages might not display properly – thus taking away from the overall experience on the MercuryGate website.
External Links
On Our website you may find links to external websites – these are provided for your convenience, but We don’t endorse, guarantee, or monitor products, services, or views which they offer or express. Please be aware that these websites should be covered by their own cookie policies.
Cookie Policy Changes
MercuryGate International may change this cookie policy from time to time. When such a change is made, We will post a revised version online. Changes will be effective from the point at which they are posted. It is your responsibility to review this cookie policy occasionally so you’re aware of any changes. By using Our website you accept this policy and We may store and access cookies on your device.
For Further Information On Cookies We Recommend The Following Pages
You can learn more about cookies and the following third-party websites:
- AllAboutCookies: http://www.allaboutcookies.org/
- Network Advertising Initiative: http://www.networkadvertising.org/