Privacy Policy

Through this Privacy Policy, Mercell informs you about the use of your personal data within our software applications, websites, and release notes.

Your privacy is important to us. Personal data will only be used for the purpose for which they were entered. The way we do this is recorded in the Mercell Nederland ISMS (Information Security Management System), this Privacy Policy and in our Processor Agreement (at the bottom of this page).

This privacy statement is divided into multiple parts: general, Users (relating to the software of Mercell Nederland), use of the website of Mercell Nederland, and the Release notes (digital newsletter). This Privacy Statement applies as of May 25, 2018 and replaces previous statements from Mercell Nederland.


Mercell supplies software (SaaS) in support of purchasing and contract management processes applicable in all markets. We process personal data for the delivery of our products and associated services to users. We process these in our own software and those of sub-processors. We never sell or provide your information to third parties. We will only share your information:

  1. At your request or
  2. in case Mercell is requested to do so by a court.

The processing of personal data is always done in a manner that is in accordance with the requirements set by the General Data Protection Regulation (EU 2016/679 Regulation, hereinafter AVG) and any other legislation and regulations. This Privacy Statement explains in more detail how Mercell deals with such data.

Mercell does not process special personal data of users. The privacy risks of the Mercell processing are low.

This Privacy Statement applies as of May 25, 2018 and replaces previous statements from Mercell.

The software

This section describes the data processing within the Mercell software:

Processing Personal Data of Users

Mercell processes (personal) data of Users (buyers, colleagues, consultants, suppliers etc. Mercell customers receive a license on the software and therefore more functionality.

The same category and type of personal data are processed for all Users. To enable Users to get in touch with each other, they need certain data. In this context Mercell Nederland processes the following data:

  • Salutation;
  • First Name;
  • Insertion;
  • Last name;
  • Phone number
  • E-mail address;
  • (business) address details
  • LinkedIn profile (not required)
  • Photo (not required)

Certain technical data will be gathered during the use of the software. This concerns data required for proper operation of the  software. Depending on the activity you perform with the software, Mercell processes the following data in this context:

  • IP address;
  • Login name;
  • Time of operations in the software.

Mercell processes personal data of its Users; for those data processing operations Mercell is a processor in the sense of the AVG. This means that Mercell processes personal data based on the need and the instructions from its users. The users of Mercell must therefore be regarded as the Processing Officer for this data processing, in the sense of the AVG. Users will have their own privacy policy that Mercell is not responsible for.

Mercell has drawn up a register of processing that is part of a Processing Agreement with users to be concluded. This register can be obtained from Mercell on request.

Right of access, correction or deletion

Requests for inspection, correction or removal can be submitted by the Processor. Individual persons (data subjects) can apply for a request for deletion. They need to request this form the contact person of the Processor who can submit the request to Mercell.

NB: In many cases, the request for deletion will have to take account of archiving principles by law.

The Commercial Website of Mercell

This section describes the data processing within the Mercell website (accessible via

Google Analytics

The website of Mercell uses Google Analytics to measure how often and in which way the website is visited. To perform this measurement, Google will store certain information, such as your IP address, on its servers in the United States. The privacy statement of Google can be consulted (among other things) at Mercell has not allowed Google to use the obtained information for other purposes than for the services provided to Mercell.


In order to analyze the behavior of users on the website, the Hotjar software is also used on the Mercell website. This software carries out measurements and also stores your IP address, device information and visitor behavior. For more information, please visit


Both the website and the software use technical and functional cookies. A cookie is a small text file that the browser places on your computer, smartphone or tablet. Mercell uses cookies to remember your settings and preferences and thereby increase your ease of use. Mercell asks you for permission for this when you visit the Mercell website. You can set in your browser that you do not want to store cookies on your computer. You can read more about this process at You can also delete previously saved cookies.

The Mercell release note

Mercell regularly sends a release note by e-mail to users in which they are informed about new and / or adapted functionality of the software, news about Mercell and related matters. Mercell only adds your data to the release notes file if you have explicitly given permission in your account. It concerns the following data:

  1. Salutation;
  2. First name;
  3. Last name;
  4. E-mail address.

Each release note contains a link with which you can unsubscribe.

Sub-processors Mercell

Mercell Nederland uses the following sub-processors for its hosting

Service Desk software

Customer support questions and requests to Mercell are recorded in special support software. This application is called Freshdesk ( Mercell only adds your personal data to the support software when you submit a support question or request to Mercell.

The recorded data are only used for the purpose for which they are intended, being able to provide support. It concerns the following data:

  1. First name;
  2. Last name;
  3. E-mail address;
  4. Phone number;
  5. Organization;

For more information about the privacy policy of this software, please visit

Other Privacy aspects

Compliance manager

Organizations can appoint an internal supervisor for the processing of personal data. Such a person is called a Compliance manager. The Compliance manager monitors the application and compliance with the Personal Data Protection Act and the General Data Protection Regulation within the organization. Mercell has appointed a compliance manager available at

Reporting duty data leaks

Mercell has developed a procedure for reporting (possible) data leaks. In the event that a (possible) data breach occurs, Mercell will inform its users within 24 hours so that the Processing Officer can report it to the authorities if necessary.