Last updated: June 2026

This Privacy Policy describes how Merith Technologies (“we”, “us”) collects and processes personal data when you visit https://merith-technologies.com (the “Site”) or interact with us. We process personal data in accordance with Regulation (EU) 2016/679 (the “GDPR”) and French Law No. 78-17 of 6 January 1978 as amended (Loi Informatique et Libertés).

1. Data controller

The data controller is:
Merith Technologies, a SARL, registered with the Paris Trade and Companies Register under No. 105 344 352, whose registered office is at 47 rue Vivienne, 75002 Paris, France.
Contact: contact@merith-technologies.com
Data Protection Officer (DPO): Merith Technologies — DPO, 47 rue Vivienne, 75002 Paris, France — contact@merith-technologies.com

2. Data we collect

Depending on your use of the Site, we may collect the following categories of personal data:

Identification and contact data: name, email address, phone number and company name, when you submit our contact form or otherwise get in touch with us.
Business relationship data: correspondence, quotes, orders, billing and order-history information, where you become a client.
Connection and usage data: IP address, browser type, operating system, pages visited, date and time of access, collected through server logs and, subject to your consent, audience-measurement cookies.

We do not collect any “sensitive data” within the meaning of Article 9 GDPR, and the Site is not directed at minors. Fields marked as mandatory in our forms are necessary to respond to your request; if you do not provide them, we may be unable to process it.

3. Purposes and legal bases of processing

We process your personal data for the following purposes, each based on a legal ground provided for in Article 6 GDPR:

Responding to enquiries submitted via the contact form or by email — legal basis: steps taken at your request prior to entering into a contract (Art. 6(1)(b)), or our legitimate interest in responding to you.
Managing the client relationship (quotes, contracts, delivery of services, invoicing, order history) — legal basis: performance of a contract (Art. 6(1)(b)) and compliance with legal obligations, in particular accounting and tax obligations (Art. 6(1)(c)).
Operating and securing the Site, including preventing and combating fraud, spamming and hacking — legal basis: our legitimate interest in ensuring the security and proper functioning of the Site (Art. 6(1)(f)).
Audience measurement and improvement of the Site — legal basis: your consent (Art. 6(1)(a)), except where a strictly audience-measurement tool exempt from consent under CNIL guidelines is used.
Marketing communications (email or SMS campaigns, optional satisfaction surveys) — legal basis: your consent (Art. 6(1)(a)) or, for existing clients and similar services, our legitimate interest (Art. 6(1)(f)), with a right to object at any time. Every marketing message includes an unsubscribe link.

We do not sell your personal data, and we do not use it for automated decision-making producing legal effects concerning you.

4. Data retention

We keep personal data only for as long as necessary for the purposes described above:

Prospect data (contact-form enquiries with no further relationship): up to 3 years after the last contact from you.
Client data: for the duration of the contractual relationship, then archived for the applicable statutory limitation periods (e.g. invoices and accounting records: 10 years under the French Commercial Code).
Server logs and connection data: up to 12 months.
Cookies: a maximum of 13 months; proof of your consent or refusal is kept for 6 months.

At the end of these periods, data is deleted or anonymised, unless its retention is required to comply with a legal obligation or for evidentiary purposes. If we become aware of the death of a user and in the absence of instructions from them, we will delete their data unless retention is necessary for evidentiary purposes or to comply with a legal obligation.

5. Recipients of the data

Within the limits of their respective responsibilities and for the purposes set out above, the persons who may have access to your data are the authorised staff of Merith Technologies (in particular client-service personnel) and our processors (service providers), acting on our documented instructions and exclusively to carry out the purposes of this policy — in particular our hosting provider (OVH SAS, France) and, where applicable, our email, analytics and IT-maintenance providers.

Your personal data is never published without your knowledge, exchanged, transferred, assigned or sold to third parties. Only in the event of an acquisition of Merith Technologies and its rights would such data be transmitted to the acquirer, who would in turn be bound by the same obligations towards you. Data may also be disclosed where required by law or by a competent authority.

6. Transfers outside the European Union

Your data is hosted within the European Union. We do not transfer your data to a country outside the European Union, or to a country not recognised as providing an adequate level of protection by the European Commission, without informing you beforehand and without implementing appropriate safeguards as required by Chapter V of the GDPR (such as an adequacy decision or the European Commission’s Standard Contractual Clauses). We remain free to choose our technical and commercial processors, provided they offer sufficient guarantees with regard to the requirements of the GDPR.

7. Your rights

In accordance with the GDPR and the Loi Informatique et Libertés, you have the following rights over your personal data:

Right of access (Art. 15 GDPR) and right to rectification (Art. 16 GDPR) of inaccurate or incomplete data.
Right to erasure (Art. 17 GDPR), in the cases provided for by law.
Right to restriction of processing (Art. 18 GDPR).
Right to object to processing based on legitimate interest, and to object at any time and free of charge to marketing (Art. 21 GDPR).
Right to data portability for data you have provided, where processing is automated and based on your consent or on a contract (Art. 20 GDPR).
Right to withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3) GDPR).
Right to define directives regarding the fate of your data after your death and to designate the person to whom (or not) the data should be communicated (Art. 85 of the Loi Informatique et Libertés).

To exercise these rights, contact us by email at contact@merith-technologies.com or by post at: Merith Technologies — DPO, 47 rue Vivienne, 75002 Paris, France, indicating the data concerned by your request. We may ask you for proof of identity only where there is reasonable doubt as to your identity. We will respond within one month of receipt of your request, extendable by two months for complex requests. Deletion requests remain subject to the retention obligations imposed on us by law, in particular regarding the keeping and archiving of documents.

If you consider that your rights have not been respected, you may lodge a complaint with the French supervisory authority, the CNIL (Commission Nationale de l’Informatique et des Libertés): https://www.cnil.fr/fr/plaintes — 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France.

8. Security and breach notification

We implement appropriate technical and organisational measures to protect your data against loss, misuse, unauthorised access, disclosure, alteration or destruction, including firewalls, encryption, pseudonymisation where relevant, access controls and password protection. Our networks and hosting infrastructure are located in the European Union.

No method of transmission over the Internet or of electronic storage is completely secure, and we therefore cannot guarantee absolute security. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the CNIL within 72 hours and, where the risk is high, inform the affected individuals without undue delay, in accordance with Articles 33 and 34 GDPR, together with the corrective measures taken.

9. Cookies and similar technologies

A cookie is a small file stored on your device (computer, smartphone, tablet) when you visit the Site. It may contain information such as a unique identifier, your browser type, language and display preferences, and the date and time of access. Cookies cannot damage your device.

9.1 Cookies we use

Strictly necessary cookies: required for the operation and security of the Site (e.g. session and consent-preference cookies). These do not require your consent.
Audience-measurement cookies: used to understand how the Site is used (pages visited, searches performed) and improve its content and navigation. These are placed only with your consent, unless configured in a consent-exempt mode in line with CNIL guidelines.
Third-party / social media cookies: if you click on the social network buttons present on the Site (e.g. LinkedIn, X, Facebook), those third parties may place cookies on your device. These cookies are placed only if you have consented to them.

9.2 Your choices

When you first visit the Site, a consent banner allows you to accept or refuse non-essential cookies, with the same degree of simplicity for both choices. Simply continuing to browse the Site does not constitute consent. You may withdraw or modify your choices at any time, free of charge, via the “Cookie settings” link available on the Site, or through your browser settings (described in your browser’s help menu). Your consent is valid for a maximum of 13 months, after which it will be requested again.

If you refuse or delete cookies, your browsing experience may be limited (for example, if we cannot recognise your browser type, language or display settings for technical-compatibility purposes). Merith Technologies declines all liability for the degraded operation of the Site resulting from your refusal of cookies necessary for its functioning.

9.3 Web beacons (“tags”)

The Site may occasionally use web beacons (also known as “tags” or single-pixel GIFs), deployed through a web-analytics partner, to measure visitor responses to the Site and the effectiveness of our actions (for example the number of times a page is opened). Where such a partner stores the corresponding information (including your IP address) outside the European Union, the safeguards described in section 6 apply, and these technologies are subject to the same consent rules as cookies.

10. Changes to this policy

We may update this Privacy Policy at any time, in particular to reflect legal, technical or organisational changes. The date of the latest version is shown at the top of this page. In the event of a substantial change, we will inform you by any appropriate means.