Privacy & Security

Privacy Policy

Your privacy and data security are our top priorities. Learn how we protect your healthcare information in compliance with global regulations including HIPAA, GDPR, and other privacy laws.

Last Updated: January 2025
Applies Globally

Our Commitment to Privacy

Mercato Agency ("Mercato", "we", "us") is committed to protecting the personal data of our clients, partners, and website users. We are the data controller for personal information collected through our website and related services globally.

Our practices comply with applicable data protection laws including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the Australian Privacy Act (APPs), the New Zealand Privacy Act, and other relevant regulations.

Secure by Design

Enterprise-grade security measures

Compliant

HIPAA, GDPR, CCPA certified

Transparent

Clear data handling practices

Information We Collect

We collect various categories of personal data when you use Mercato's website or services, or when we otherwise interact with you:

Contact Information

  • Name and email address
  • Postal address
  • Phone number
  • Business contact details

Professional Data

  • Job title and employer
  • Business email
  • Industry information
  • LinkedIn profile data

Account Information

  • Login credentials
  • Marketing preferences
  • Communication history
  • Account settings

Technical Data

  • IP address
  • Device and browser data
  • Cookie identifiers
  • Website usage patterns

Special Categories of Data

We may collect sensitive categories of data (health, race, etc.) only if you voluntarily provide them and only with explicit consent. We never collect data from children under 16 without parental consent.

How We Use Your Data

Mercato uses personal data only for legitimate business purposes, based on lawful grounds under GDPR Article 6:

Service Provision & Improvement

Providing and improving our AI-powered marketing and lead-generation services

Legal Basis: Performance of contract & legitimate interests

Communication & Support

Emails, customer support, billing and account management

Legal Basis: Contractual necessity & legitimate interests

Marketing & Analytics

Understanding usage patterns and tailoring content to your preferences

Legal Basis: Consent or legitimate interests

Security & Compliance

Verifying identity, preventing abuse, and complying with legal obligations

Legal Basis: Legal obligation & legitimate interests

Data Sharing & Transfers

We Don't Sell Your Data

We do not sell personal data to third parties for profit. Your information is only shared with trusted service providers who help us deliver our services.

Trusted Service Providers

Cloud Hosting

Google Cloud

Secure data storage and processing

Analytics

Google Analytics

Website usage analysis

CRM Services

Airtable

Customer relationship management

Support Systems

Various

Customer service delivery

International Transfers

Mercato operates globally; personal data may be transferred to countries outside your jurisdiction. For EU/UK transfers, we use EU Commission-approved Standard Contractual Clauses and other approved safeguards.

Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:

Encryption

TLS for data in transit, AES-256 for data at rest

Access Controls

Multi-factor authentication and principle of least privilege

Monitoring

Continuous security monitoring and intrusion detection

Compliance

ISO/IEC 27001 and NIST framework alignment

Staff Training

Regular security awareness and best practices training

Incident Response

Comprehensive breach notification and response plan

Your Privacy Rights

Mercato respects your privacy rights under applicable laws. Depending on your location, you may have the following rights:

EU/EEA Residents (GDPR)

Access your personal data
Correct inaccuracies
Erase your data (right to be forgotten)
Restrict processing
Object to processing
Data portability
Withdraw consent
Complain to supervisory authority

California Residents (CCPA/CPRA)

Know what personal information we collect
Delete personal information
Opt out of sale (not applicable - we don't sell)
Limit use of sensitive data
Non-discrimination for exercising rights

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the Contact section below. We will verify your identity and respond within legal timeframes (typically 30 days).

Response: Within 30 days
No discrimination

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Data Protection Officer

📧 privacy@mercato.com

🏢 Mercato Agency

📍 Attn: Privacy Department

Regulatory Authorities

You may also lodge a complaint with your local data protection authority if you believe your privacy rights have been violated. We are committed to working with authorities to resolve any concerns.

Policy Updates

We may update this Privacy Policy from time to time. Significant changes will be notified on our website or via email. This policy applies globally and incorporates all applicable data protection regulations.