This Policy is effective as of 05 March 2021.
This Policy applies to any products or services offered by MercuryGate; including our website, any platforms, or mobile applications we may offer (collectively, the “Services”). MercuryGate customers may be required to obtain consent for the collection of Personal Data (as defined below) for carrier management and driver/carrier compliance processes.
Information We Collect or Receive
We collect or receive the following types of personal information (i.e., information that might individually identify a specific person) for our business when we have an appropriate basis:
Information You Voluntarily Choose To Provide
Contact information (e.g., name, business phone number, business email address, billing address, etc.), that customers and potential customers give to us so we can contact them with information about our products and services, and so we can provide these products and services when contracted to do so.
Information Collected When You Use Our Website
We are the sole owners of the information collected on this website (the “Site”). We collect information you voluntarily give us via email or from other direct contact from you. We will not sell or rent this information to anyone.
We will use your information to respond to you regarding the reason you contacted us.
Unless you ask us not to, we may contact you via email in the future to tell you about new products or services or changes to this Policy.
MercuryGate may also collect or receive information about how individuals access this Site. This information may include internet protocol (IP) addresses (or the DNS name associated with it) of the individual's device, the web sites the user visited immediately prior to and upon exiting this Site, and the browser software the individual is using to access this Site. This information is used in to administer our systems and this Site, and to make improvements to and protect this Site.
Information Collected When You Use Our Products
With a MercuryGate account, you can sign in to MercuryGate products/services, as well as those of select MercuryGate partners. Personal information associated with your MercuryGate account includes credentials, device and usage data, name and contact information, information about your interactions with MercuryGate, and partner products.
To enable personalization and consistent experiences across products and devices for your MercuryGate accounts, we track and use visitor and account data. Visitor data includes name, email, role, permissions, business title, location, IP address, first login date, and visitor actions (e.g., saw a webinar, received an email, downloaded a whitepaper, etc.). Account data includes account name, location, industry, size, assigned contacts, and activity (e.g., reports downloaded, data exports, feature usage).
Information Related To Drivers
MercuryGate, operating as a transportation manager, may receive very limited personal information related to drivers. MercuryGate processes that data in the performance of services for and under the direction of our customers. We process this personal information to fulfill our contractual obligations to our customers and premised on the same legal basis they identified to you—such as your consent or fulfilling a contract with you. Personally identifiable information (PII) is only used for MercuryGate Fleet customer’s carrier management and driver/carrier compliance qualification processes.
Personal data collected from individual drivers may include the following: name, address, phone number, email address, social security numbers, driver license numbers, passport numbers, VISA numbers, and green card numbers.
PII is not stored in any transactional data, enabling the data to be amended or deleted without impact to transactions.
How We Use And Share Information
MercuryGate also processes personal information under the direction of our customers. In those instances, such as when we provide driver management services, MercuryGate acts as a processor of the personal information of our customer, the data controller.
MercuryGate may share personal information with service providers, affiliates, contractors, and other third parties who help us perform services such as managing communications, administering this Site, or conducting our business. We permit these third parties to use personal information as needed to deliver services or comply with law.
We will share personal information in the event we sell or transfer all or a portion of our business assets, such as during a merger, acquisition, liquidation, or bankruptcy.
You may visit and browse this Site without providing any personal information, and you can always choose not to provide us with the personal information we request. However, choosing not to provide us with certain information we request may prevent you from accessing or using certain portions of this Site.
You may opt out of any future contacts from us at any time by contacting us through one (1) of the methods listed at the bottom of this Policy.
In addition, you can use the contact information at the bottom of this Policy to do the following at any time:
- See what data we have about you, if any.
- Change/correct any data we have about you.
- Express any concern you have about our use of your data.
- Have us delete any data we have about you.
When MercuryGate acts as a controller, MercuryGate offers individuals the opportunity to choose (opt out) whether Personal Data is: (i) to be disclosed to a non-agent third party, or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. Individuals will be provided with clear, conspicuous, and readily available mechanisms to exercise their choice.
Additional Rights Available To EEA Residents
If you reside in a European Economic Area (“EEA”) member state and the United Kingdom, and/or Switzerland, and MercuryGate acts as a controller of your personal information, you have the right to request access to your personal information. You also have the right to request that we correct, amend, or delete your personal information. Your request to exercise these rights may be denied under certain circumstances, such as where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question, or where the rights of persons other than the individual would be violated. You also may object to the processing of your personal information or request we restrict processing of your personal information.
When MercuryGate is a processor and not a controller, it will take reasonable steps to help the appropriate controller respond and will act on the reasonable direction of its controller customers with respect to access, erasure, rectification, or restricted processing.
You also may have the right to request we transfer your personal information to you or to another controller identified by you. Please note that in cases where your personal information pertains to a clinical trial or similarly confidential study, we may not be able to adhere to your request, but we will work with you and the applicable controller to address your request as fully as possible.
To exercise your rights under this Section, please send your request as described in the “How to Contact Us” Section below. You also have the right to lodge a complaint about our processing of your personal information with your local data protection supervisory authority.
Additional Rights Available To California Residents
If you are a resident of the State of California, you are entitled under California law, including the California Consumer Privacy Act of 2018 (“CCPA”), to certain additional information about, and additional rights with respect to, our collection and disclosure of your personal information. This Section provides additional information and describes those additional rights. This Section applies solely to Site visitors and customers who reside in the State of California and to personal information as defined under CCPA.
Sales And Disclosures Of Personal Information For A Business Purpose
We may disclose your personal information to a third party for a business purpose or sell your personal information, subject to your right to opt-out of those sales.
In the preceding twelve (12) months, we have not sold personal information.
You have the right to direct us to not sell your personal information at any time (the right to “opt-out”). If you opt-in to personal information sales, you may opt-out of future sales at any time.
To exercise your rights under this Section, you (or your authorized representative) should send your request as described in the “How to Contact Us” Section below.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales.
You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
Other Rights And Choices Regarding Your Personal Information Under CCPA
You have the right to request we disclose certain information to you about our collection, use, and sharing of your personal information over the past twelve (12) months, including (a) the categories of personal information we collected about you; (b) the categories of sources for the personal information we collected about you; (c) our business or commercial purpose for collecting or selling that personal information; (d) the categories of third parties with whom we share that personal information; (e) the specific pieces of personal information we collected about you (also called a data portability request); and (f) if we sold or disclosed your personal information for a business purpose, two (2) separate lists disclosing (i) sales, identifying the personal information categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
You also have the right to request we delete any of your personal information we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us through one (1) of the methods in the “How to Contact Us” Section below.
Only you, or a person registered with the California Secretary of State you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
We will endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will to the extent technically feasible select a format to provide your personal information that is readily useable and should allow you to transmit the information to another entity without hindrance.
We will not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You have the right not to be discriminated against for exercising any of your CCPA rights. However, to the extent permitted by the CCPA, we may offer you certain financial incentives for the collection or sharing or your personal information that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
How We Protect Personal Information
We take precautions to protect your personal information, including applying reasonable and appropriate administrative, physical, and technical safeguards designed to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved and the nature of the personal information.
Privacy Shield Certification
This Policy describes how MercuryGate processes Personal Data received from the European Union (EU) and the United Kingdom and/or Switzerland in compliance with the Privacy Shield Principles, including the Supplemental Principles (collectively “Principles”), documented in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively “Privacy Shield”). These principles were designed in collaboration with the European Commission and Swiss Administration to provide adequate protections for the transfer of personal data from the European Union (EU) and the United Kingdom and/or Switzerland to the United States and are in accordance with the requirements of the EU General Data Protection Regulation (GDPR). Personal Data may include data relating to customers, drivers, business partners, and other services provided by MercuryGate.
MercuryGate participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework. MercuryGate is committed to treating the personal information it receives under the “Privacy Shield” consistent with the Privacy Shield Principles, which can be found here: . MercuryGate has certified to the Department of Commerce it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit: https://www.privacyshield.gov/participant?id=a2zt0000000PEuwAAG&status=Active.
MercuryGate acknowledges it is subject to the jurisdiction of the Federal Trade Commission for compliance and enforcement of the Privacy Shield and Swiss Privacy Shield.
The Privacy Shield Frameworks protect the fundamental rights of anyone in the European Union (EU) and the United Kingdom and/or Switzerland whose personal data is transferred to the United States for commercial purposes and brings legal clarity for businesses relying on transatlantic data transfers. Further information on the Privacy Shield is available from the European Commission here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en. Under certain conditions, more fully described here: https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
When MercuryGate acts as a controller and is the recipient of Personal Data, it shall provide the appropriate notice in clear and conspicuous language when individuals are first asked to provide Personal Data to MercuryGate, including identification of our legal bases for processing your Personal Data, or as soon thereafter as is practicable. In addition, when MercuryGate is a controller it will seek consent prior to using Personal Data for any purpose incompatible with that for which it was originally collected or processed.
Data Integrity And Purpose And Retention Limitations
MercuryGate will only collect and process Personal Data in a way that is consistent with, and relevant for, the purpose of processing for which it was collected or authorized by the individual. MercuryGate may use Personal Data for compatible processing purposes, such as those that reasonably serve customer relations, compliance and legal considerations, auditing, security and fraud prevention, preserving or defending MercuryGate’s legal rights, or other purposes consistent with the expectations of a reasonable person given the context of the collection.
MercuryGate will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. MercuryGate will take reasonable steps to ensure Personal Data is reliable for its intended use, accurate, complete, and current. MercuryGate will adhere to the Principles for as long as the Personal Data is retained.
Where we act on behalf of our customers, MercuryGate retains Personal Data until our engagement with our customers ends or they direct us to dispose of or return the data. Where we are a controller, we will process Personal Data only so long as is necessary to fulfill the purposes for which it is processed.
Recourse, Enforcement And Liability
For complaints that cannot be resolved, MercuryGate commits to cooperate with the panel established by the EU data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable, and comply with the advice given by the panel or Commissioner about Personal Data transferred from the EU or Switzerland. In order to facilitate the handling of complaints, individuals in the EU can choose to contact their national DPA or use the form located at this link: http://ec.europa.eu/newsroom/document.cfm?doc_id=42962. Individuals in the United Kingdom can contact the UK Information Commissioner by visiting https://www.gov.uk/data-protection/make-a-complaint. Individuals in Switzerland can contact the Swiss Information Commissioner by visiting https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.
This independent dispute resolution process is provided at no cost to the individual. Under certain conditions an individual may choose to invoke binding arbitration to resolve any residual complaints not resolved by MercuryGate, or the DPAs or FDPIC, as appropriate. If an individual formally invokes binding arbitration, MercuryGate will follow the terms set forth in Annex 1 of the Privacy Shield Frameworks. For more information on binding arbitration visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
In compliance with the Privacy Shield Principles, MercuryGate commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact MercuryGate using the options provided at the “How to Contact Us” Section.
MercuryGate has further committed to refer unresolved Privacy Shield complaints to BBB EU Privacy Shield, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information or to file a complaint. The services of BBB EU Privacy Shield are provided at no cost to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
In the context of an onward transfer, MercuryGate has responsibility for the processing of Personal Data it receives under the Privacy Shield Frameworks and subsequently transfers to a third party acting as an agent on its behalf. MercuryGate shall remain liable under the Principles if its agent Processes such Personal Data in a manner inconsistent with the Principles, unless MercuryGate proves that it is not responsible for the event giving rise to the damage.
As part of our international operations, we may transfer personal information to any jurisdiction where we do business. When you use this Site or services, you acknowledge we may transfer information about you as described in this Policy.
We may transfer your personal information for any of the purposes identified in this Policy to our subsidiaries, affiliates, and service providers that may be based outside of the jurisdiction where you are located. The laws in those jurisdictions may not provide the same level of data protection compared to the laws in your country. However, we will treat your personal information as subject to the protections described in this Policy.
When we transfer personal information from an entity based in the EEA to entities within our organization, we rely on the EU-U.S. Privacy Shield program or the Swiss-U.S. Privacy Shield program, as applicable. If we transfer personal information from the EEA to another party located outside the EEA, we will rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses, binding corporate rules, Privacy Shield programs, or another framework deemed adequate by the European Commission.
We will indicate at the top of this Policy when it was last updated. We encourage you to periodically review this page for the latest information on our privacy practices. When warranted, we will try to provide additional notice of specific changes to this Policy, either by attempting direct communication with you and/or by posting on this Site.
How To Contact Us
To contact MercuryGate with questions about this Policy, please use one of the contact methods below:
- Complete the contact form: https://university.mercurygate.com/contact-us/
- Call us: +1 (800) 816-1654
- Email us: privacy@MercuryGate.com
MercuryGate Cookies Policy
This Policy is effective as of 05 March 2021.
What Are Cookies
A cookie is a small piece of text sent to your browser by a website you visit. It helps the website to remember information about your visit, like your preferred language, selected preferences, stored login information, and other settings. Each setting can make your next visit to the service easier and the site more useful to you. A cookie file is stored in your web browser and allows the Service or a third party to recognize you and make your next visit easier and the Service more useful to you.
Types Of Cookies
- Cookies can be classified as “persistent” or “session” based
- Cookies can be essential, meaning they are used to authenticate users and prevent fraudulent use of a user account
- Cookies can be third-party based, meaning used by a third party for tracking aggregate-based session information from traffic on the website for analytic purposes
When you use and access the MercuryGate website, We may place cookie files within your web browser.
The purposes of adding cookie files to your browser are: to enable certain functions of the Service, to capture analytical information, to store your preferences, and to enable advertisements delivery, including behavioral advertising.
In addition to Our own cookies, We also use various third-party cookies to report usage statistics of the Service, deliver advertisements on and through the Service, and better tailor the website experience for the end user.
Do Not Track. MercuryGate International does not currently recognize if a browser sends a “do not track” signal or similar mechanism to indicate the user does not wish to be tracked or receive interest-based ads.
Web beacons. MercuryGate and third-party advertisers may use web beacons. Some MercuryGate websites contain web beacons in the form of clear .gif files, which are electronic images that allow for the collection of information about your interactions on Our sites. Web beacons may be used to place advertisements, to understand website traffic patterns and the number of visitors to Our website, and to measure the effectiveness of advertisements or email advertising messages.
Analytics. We and Our customers, their partners and agents, and other third parties may use third-party analytics such as Google Analytics or similar analytics services. For information on how Google processes and collects information and opt-out options, please see https://tools.google.com/dlpage/gaoptout.
What Are Your Choices Regarding Cookies
Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features We offer. You may not be able to store your preferences, and some of Our pages might not display properly – thus taking away from the overall experience on the MercuryGate website.
On Our website you may find links to external websites – these are provided for your convenience, but We don’t endorse, guarantee, or monitor products, services, or views which they offer or express. Please be aware that these websites should be covered by their own cookie policies.
For Further Information On Cookies We Recommend The Following Pages
You can learn more about cookies and the following third-party websites: