Back to Home

GDPR Compliance

General Data Protection Regulation

1. Introduction

Merovia is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page outlines how we comply with GDPR requirements and explains your rights as a data subject.

While Merovia is based in the United States (30 N Gould St, Sheridan, WY 82801), we recognize and respect the data protection rights of individuals in the European Union and European Economic Area.

2. Data Controller

Merovia

30 N Gould St, Sheridan, WY 82801

United States

Email: contact@merovia.co

Phone: +1 775 618 3683

3. Legal Basis for Processing

We process personal data only when we have a legal basis to do so under GDPR Article 6:

3.1 Consent (Article 6(1)(a))

You have given clear consent for us to process your personal data for specific purposes, such as marketing communications or optional features.

3.2 Contract Performance (Article 6(1)(b))

Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

3.3 Legal Obligation (Article 6(1)(c))

Processing is necessary for compliance with legal obligations, such as tax reporting or law enforcement requests.

3.4 Legitimate Interests (Article 6(1)(f))

Processing is necessary for our legitimate interests, such as fraud prevention, network security, or improving our services, provided your rights do not override these interests.

4. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

4.1 Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, to access that data along with information about how it is processed.

4.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

4.3 Right to Erasure (Article 17)

Also known as the "right to be forgotten," you can request deletion of your personal data when:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required for compliance with a legal obligation

4.4 Right to Restriction of Processing (Article 18)

You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

4.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

4.6 Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

4.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

4.8 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the following methods:

  • Email: contact@merovia.co with subject line "GDPR Request"
  • Phone: +1 775 618 3683
  • Mail: Merovia, 30 N Gould St, Sheridan, WY 82801, USA

We will respond to your request within one month, as required by GDPR. In complex cases, we may extend this period by two additional months and will inform you of any such extension.

To protect your privacy, we may need to verify your identity before processing your request.

6. Data Processing Activities

6.1 Personal Data We Collect

  • Contact information (name, email, phone number, address)
  • Account credentials and authentication data
  • Usage data and analytics
  • Technical data (IP address, browser type, device information)
  • Communications and correspondence

6.2 Purposes of Processing

  • Providing and maintaining our services
  • Customer support and communications
  • Service improvement and analytics
  • Security and fraud prevention
  • Marketing (with consent)
  • Legal compliance

6.3 Data Recipients

We may share your personal data with:

  • Service providers (cloud hosting, email services)
  • Professional advisors (lawyers, accountants)
  • Law enforcement and regulatory authorities (when legally required)
  • Business partners (with your consent)

7. International Data Transfers

As a US-based company, we may transfer personal data from the EU/EEA to the United States. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules (where applicable)
  • Other appropriate safeguards as permitted by GDPR

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Account data: Duration of account + 3 years
  • Service records: 7 years (for business and accounting purposes)
  • Marketing data: Until consent is withdrawn or 2 years of inactivity
  • Support communications: 3 years
  • Analytics data: 26 months

9. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments and audits
  • Employee training on data protection
  • Incident response and breach notification procedures

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document all breaches and our response measures
  • Take immediate steps to contain and remediate the breach

11. Children's Data

Our services are not directed to children under 16 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child without proper parental consent, we will take steps to delete it promptly.

12. Supervisory Authority

If you are located in the EU/EEA and believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.

A list of supervisory authorities can be found at:https://edpb.europa.eu/about-edpb/board/members_en

13. Updates to This Page

We may update this GDPR compliance information from time to time. Any changes will be posted on this page. We encourage you to review this page periodically for the latest information on our GDPR practices.

14. Additional Resources

For more information about our data practices, please review:

15. Contact Information

For any questions or concerns regarding GDPR compliance or to exercise your rights:

Merovia - Data Protection

30 N Gould St, Sheridan, WY 82801

United States

Email: contact@merovia.co

Phone: +1 775 618 3683

Your privacy matters to us. We are committed to protecting your personal data and respecting your rights under GDPR.

If you have any questions or wish to exercise your rights, please don't hesitate to contact us.