Privacy Notice
Last Modified: 2/29/2024
Version: 2.2
This Privacy Notice lets you know how Merit International, Inc. (“Company,” “us,” or “we”) may collect, use, and share your Personal Information, and the choices that are available to you to protect this information. We respect your privacy and we value the importance of securing this information, which is why we take significant measures to safeguard your Personal Information while we offer industry-leading verified digital identity services.
Applicability
This Privacy Notice applies to our online platform, including the associated platforms and mobile applications (“App”) as well as our websites: www.merits.com, knowledge.merits.com, app.merits.com, keep.ks.gov, help.keep.ks.gov, aceohio.org, help.aceohio.org, parentalchoice.ok.gov, and help.parentalchoice.ok.gov (the “Site”) and other interactions (e.g., customer service and other communications) you may have with our Company (the “Service” or the “Services”).
This Privacy Notice does not apply to any third-party applications or software that integrate with the Services through our platform (“Third-Party Services”) or any other third-party products, services or businesses, including Organizations. Each of these Third-Party Services are responsible for their own applicable privacy practices; please refer to their privacy notices to review your rights.
This Privacy Notice applies to individuals globally, however there is additional information related to International Transfers and California Residents. Please refer to those sections if they apply to you.
Your Consent
By using our Services, visiting our Site, or otherwise interacting with our Company (e.g. by submitting a ticket or interacting with our content) you consent to the collection and use of your Personal Information in accordance with this Privacy Notice.
If you do not agree to the terms of this Privacy Notice do not access or use our Site or Services.
Definitions
For purposes of this Privacy Notice:
- “Personal Information” means any information relating to you in identified or identifiable form such as your name, your email address, or your IP address.
- “Merit” means a statement about your activities and accomplishments that an Organization may submit to us so we can issue a Merit to you. To learn more about our services please visit our website.
- “Organization” means any organization which has submitted information about you to us so that we can send you Merits and deliver our Services.
What Information We Collect About You
We collect pieces of information from you and about you in connection with the use of our Services. Some of this data may include information that identifies you or your device(s) or is reasonably associated with you, this is Personal Information. We collect Personal Information from the following sources:
- Information you choose to give us;
- Information from Organizations that we work with to issue Merits to you;
- Information we receive from apps and developers;
- Information we receive from third parties; and
- Information that is automatically collected from you.
The following are categories of data that we may have collected about you from one of these sources while providing our Services:
- Identifiers (such as your name, address, email address, and IP address);
- Customer records information (such as your signature, identification number, financial information, account information);
- Legally protected characteristics (such as age, citizenship, sex, veteran or military status);
- Financial data (such as billing information);
- Internet or other network or device activity (such as browsing history or app usage);
- Location information (inferred from your IP address or location based services);
- Professional or employment-related data (such as business affiliation, job title, and your work contact details);
- Other information that identifies or can be reasonably associated with you.
We may also collect, use, and disclose aggregated or de-identified data that does not reasonably identify you and is not considered Personal Information.
Information You Choose To Give Us
We collect Personal Information from you when you visit our Site; create an account for our Service to receive Merits; use our Services; request a demo, subscribe to our content or download our whitepapers; respond to a survey; post reviews; provide testimonials; communicate with us through third-party social media sites; fill out a form; attend an event; apply for a job; request customer support; or otherwise interact with us.
You may give us permission to use the information contained in your Merits so that you may receive advertisements or promotions related to your interests and Merits.
This type of Personal Information may include:
- Personal details such as information that identifies you or reasonably relates to you, including your name, user ID, email address, mailing address, phone number, or your date of birth;
- Marketing data such as your email preferences for promotional materials about our Services and information about your use of our Services;
- Credential information such as authentication information, password hints, or similar security information that we use to identify you and secure your account;
- Event data such as your contact information and a record of your participation in our events as an attendee or presenter;
- Candidate data such as employment history, qualifications, academic records, and any other information that you provide to use when you apply for a job with our Company such as your resume, cover letter, and background & reference check verification information;
- Your feedback about our Services, our Site, or other interactions that we have with you during the course of doing business with you; or
- Information that relates to or is capable of being associated with you, such as age, gender, date of birth, photo, and any other information you choose to provide.
Information From Organizations
We collect Personal Information about you from the Organizations that we do business with in order to issue Merits to you and deliver our Services. The information contained within each Merit varies depending on the type of Organization that we work with in order to deliver our Services. This information could include Personal Information such as your name, email address, contact information, mailing address, and additional sensitive information such as your driver’s license number, date of birth, license numbers, ID numbers and Health Information (defined further below).
Organizations, through their authorized administrators (an “Authorized User”) may share your Personal Information with us so that you may easily claim and access your Merits. Please review the applicable privacy practices of each Organization with which you have a relationship (i.e. who issues Merits to you through our Service) to understand the basis on which they have shared information with us and their policies with regard to protecting your Personal Information.
Health Information
Based on our relationship with some Organizations in the healthcare industry, we may collect Personal Information about you that falls into these categories and is collectively referred to as “Health Information”:
- “Protected Health Information” is individually-identifiable health information that is created or received by or on behalf of a Covered Entity (for example, a healthcare provider or health plan) and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. Protected Health Information is further defined by the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and is subject to the protections of HIPAA.
- “Additional Health Information” is a subset of Health Information that does not fall within the category of Protected Health Information above. For example, this would encompass information related to past, present or future physical or mental health or conditions; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual but with the difference that such information was not created or received by us from or on behalf of a covered entity. We may collect Additional Health Information in connection with the Service.
We only collect, process, or store “Protected Health Information” and “Additional Health Information,” (collectively “Health Information”) to provide Services to Organizations to issue Merits, in accordance with HIPAA requirements, and the contractual agreements we have with our healthcare customers i.e. Organizations. Should you have any questions or concerns about how your Health Information is processed by our Company, please review the privacy notice from the Organization with which you have a relationship with to understand the basis upon which they have shared information with us and their policies with regard to your Health Information. In the event that there is a conflict or inconsistency about the handling of Health Information between (i) this Privacy Notice and (ii) our compliance obligations with HIPAA and contractual commitments with the applicable Organization, the latter will govern.
Information Collected Automatically
When you use our Site or Services, certain information is automatically generated and stored about you and/or your visits. This information may include the following:
- details about how you’ve used our Services;
- device information, such as your web browser type and language;
- access times;
- pages viewed;
- IP address;
- identifiers associated with cookies or other technologies that may uniquely identify your device or browser; and
- pages you visited before or after navigating to our Site.
Cookies
Like most online services and mobile applications, we may use cookies and other technologies, such as web beacons and unique advertising identifiers, to collect information about your activity, browsers, and your device. We may also use these cookies to collect general usage, volume and statistical information. Some cookies may remain on your computer after you leave the Service. To learn more about how we use cookies and your choices, please review our Cookie Policy.
Location-Based Services
The device you use to access the Service may provide your location to the Service. If you enable the location-based features on your device, we will automatically receive information about your location when you use the Service. Your device may allow you to deactivate location-based services. If you deactivate location-based services, your device should no longer send information about your location to third parties, including our Company, but be advised that if you turn off location-based services on your device, certain aspects of the Service may not be available to you.
Analytics
We may engage third parties for analytics activities, including as provided for below:
- Google Analytics. We may use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some of our Services, and to develop website content. This analytics data is not tied to any Personal Information. For more information please visit Google Analytics. You can opt out of Google’s collection and processing of data generated by your use of the Services.
- Mixpanel. We may use services by Mixpanel, Inc. to obtain analytics data regarding users’ interactions with our Services. You may opt-out of Mixpanel’s automatic retention of data that is collected while using the Services. To track opt-outs, Mixpanel uses a persistent opt-out cookie placed on your device. Please note that if you get a new computer, install a new browser, erase or otherwise alter the browser’s cookie file (including upgrading certain browsers), you may remove the Mixpanel opt-out cookie.
Information from Apps and Developers
If you elect to use our App to access our Services, we may receive information, including Personal Information, that you have provided to the App or that the App may otherwise collect from or about you.
Information From Third Parties
If you log in to the Service using credentials associated with your account at third-party services such as Facebook, LinkedIn or Twitter (each, a “Third-Party Service”), you allow our Company to access certain information associated with your account with the Third-Party Service. The information you allow us to access may vary according to the privacy settings you establish with the Third-Party Service. We encourage you to review the privacy policies of any Third-Party Services from which you access their services.
How We Use Your Information
We process all Personal Information that we receive from an Organization (“Organization Data”) in accordance with the Organization’s instructions, the contractual agreement between our Company and the Organization, and as required by applicable law. Under applicable data privacy laws, our Company is a processor of Organization Data and the Organization is the controller of Organization Data. The controller, i.e. the Organization, is solely responsible for ensuring the accuracy, integrity, legality and completeness of the Organization Data we process to issue Merits. The Organization may, for example, use the Services to grant you a Merit, access, modify, export, share and remove Organization Data and otherwise apply its policies to the Services.
We use your Personal Information in order to provide you with our Services, to interact with you with your consent, and to help verify your identity with the Organizations that we do business with. Here are some of the ways we may do that:
- Enabling you to share Merits. We may use Personal Information to confirm your identity so you are able to display a Merit to third parties.
- Sending you communications. We may use email to respond to support inquiries or to share information about our Services and promotional offers or those of your third parties, including Organizations that we think may be of interest to you. Email help@gomerits.com to modify your modify your email or other privacy settings.
- Engaging in transactions. If you are an Authorized User acting on behalf of your Organization, we may use your Personal Information such as name, physical address, telephone number, email address to engage in transactions with you, including contacting you about your account or transactions. We may also use your Personal Information to bill your Organization and to process payments for the Service.
- Improving our Site and Services. We may use your Personal Information, including the information gathered as a result of site navigation and electronic protocols and cookies (including third-party cookies) to enhance the safety and security of our Site and Services, to prevent fraud or unauthorized usage, to monitor and analyze trends and usage, to improve the quality of the Site and the Service, to better serve you and enhance your experience with the Site and the Service, and to track marketing campaign responsiveness and evaluate page response rates.
- Billing, account management and other administrative matters. Our Company may need to contact you for invoicing (only if you are an Authorized User), account management and similar reasons. We use account data to administer accounts and keep track of each Organization’s billing and payments.
- Enforcing our Terms of Service and other Usage Policies.
- To investigate and help prevent security issues and abuse.
- As required by applicable law, legal process or regulation.
How We Share Your Information
This section describes how our Company may share and disclose your Personal Information. Each Organization that issues Merits through our Services develops their own policies and practices to share and disclose Organization Data to our Company. We do not control how Organizations or third parties choose to share or disclose Organization Data. When we share information with third parties for a business purpose, we enter into a contractual agreement that describes the purpose and requires that the recipient keeps the information confidential and does not use it for any purpose other than performance of the contract. Here are some ways in which we may share your Personal Information:
- Organization’s instructions. We may share Personal Information that we have access to in accordance with the agreement that we have with an Organization under their instructions and in compliance with any applicable laws and regulations.
- To operate the Service. We may share your Personal Information with third-party service providers who perform services on our behalf (such as providing hosting or maintenance services, managing databases, processing payments, or supporting/improving the features of the Site or the Service). We set forth additional information about the sub-processors we use to support delivery of our Services.
- Organization access. Authorized Users and other Organization representatives and personnel may be able to access, modify, or restrict access to Organization Data. For example, if you would like to modify, update, or delete a Merit, this is the responsibility of your Organization. We do not have the ability to modify or update the metadata contained within your Merits.
- Third-Party Services. An Organization may enable or permit you to enable Third-Party Services. When enabled, our Company may share your Personal Information with Third-Party Services. Third-Party Services are not owned or controlled by our Company and third parties that have been granted access to your Personal Information may have their own policies and practices for data collection and use. Please check the privacy settings and notices provided by these Third-Party Services or contact the Organization for any questions.
- For legal reasons. We may share information about you if we reasonably believe that disclosing the information is needed to:
- respond to claims and/or legal process (including subpoenas);
- protect the rights, property, safety of our Company or any other person;
- to prevent or stop any illegal, unethical, or legally actionable activity;
- comply with applicable laws or regulations;
- respond to any lawful request by public authorities, including, without limitation, to meet national security or law enforcement requirements; and
- to investigate, remedy or enforce any potential violations of our Terms of Service.
- When aggregated or anonymized. We may share aggregated or anonymized information that does not directly identify you with our investors, partners, and other third parties for a variety of business purposes (this is not Personal Information). Such aggregated information may include, among other things, the number of users, countries of residence, average page views per session, and the average length of time as a member.
- During a change in our business. If our Company engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all of your Personal Information may be shared or transferred, subject to standard confidentiality agreements.
- To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of our Company or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With your consent or at your direction. We will share your Personal Information with your consent or at your direction, including if we notify you through the Service that the information you provide will be shared in a particular manner, and you choose to provide such information.
Over the last twelve months, we have not sold any Personal Information.
How We Retain Your Information
Our Company will retain Organization Data in accordance with an Organization’s instructions, and as required by applicable law. Please Note: If you or an Organization asks us to delete Organization Data, we will delete such data as soon as reasonably practicable. For more detail about our process should you wish to delete Organization data please contact us at privacy@merits.com. Unless you submit a request to the Organization who issued the Merit or you reach out to us directly, we will retain your Merits and the associated Personal Information contained in them for as long as you have an account with us. Once you have deactivated your account, we will only keep your Personal Information for the period of time needed for by our Company to pursue legitimate business interests, conduct audits, comply with legal obligations, resolve disputes and enforce our agreements.
We may retain certain information as required by law, or for business reasons as we deem necessary to fulfill the purposes identified in this Privacy Notice. We may also retain cached or archived copies of your information (including location information) for a certain period of time.
Your Rights and How to Exercise Them
You have the right to request a disclosure of the information that we have access to. More specifically, you can review, access, correct, amend, or request the deletion of Personal Information that we have access to. You have the right to object to the use of your Personal Information.
We want to remind you that updating your account information will not update any inaccurate information contained within your Merits. If you would like to change any information relating to your Merits, or remove a Merit from our platform, you must contact the Organization that issued the Merit directly. If you would like us to pass an email message on to your Organization, we would be happy to do so. Please contact us at help@merits.com and we will pass that request on to the relevant Organization via email.
To exercise your rights under this Notice, please send an email to privacy@merits.com with “Request related to my Privacy Information” in the subject line of your email or call us at 1-833-4MERITS.
Once we receive your request, we will ask you for some additional information to ensure that we can verify your identity and then we will respond to your request within a reasonable amount of time. We aim to respond to verifiable consumer requests within 45 days of receipt. If we need more time (no more than 90 days), we will inform you of the extension via email. If you have an account with us, we will reply back to the email address associated with your account. If you do not have an account with us, we will respond to the email address that we received from you when you sent in your request.
Please note: Certain information about yourself will always be visible to other users of the Service, and your decision to use the Service indicates your acceptance of these settings.
How to Opt-Out or Deactivate Your Account
You may opt out from receiving promotional communications from us by following the instructions in those communications. If you opt out, we may still send you other kinds of communications, including those related to your current accounts or your use of the Service, however you should no longer receive promotional communications from us, unless you opt back in. If you have any issues with your opt-out, please contact help@merits.com and our team will help you.
Should you decide that you no longer wish to maintain your account with our App, you can use this link to request that we deactivate your account at https://merits.com/opt-out. Please be mindful that, by deactivating your account, you will no longer have access to any Merits that have been issued to you through our platform. If any Organization sends you another Merit in the future using a different email address, you will be reinvited. Therefore, please complete the opt-out process for every email address that is associated with your profile. If you ever wish to opt back in, please email help@merits.com or create a new account.
Our Security Practices
We implement security safeguards designed to protect your data, such as HTTPS, encryption technologies, and the technical safeguards outlined by the HIPAA Security Rule where applicable. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. You can learn more about our security practices.
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at privacy@merits.com. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a complex password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
Links to Third-Party Websites
To enhance your experience while using this Site or our Services, we may provide links to third-party sites, including sites hosted by Organizations (“Linked Sites”). If you choose to visit a Linked Site by clicking on an advertisement, hyperlink, or otherwise, you will be directed to that third party's Linked Site. Our Company is not responsible for, and this Privacy Notice does not apply to, the privacy practices of any Linked Sites. Linked Sites may collect additional Personal Information in addition to what we collect as defined in this Privacy Notice. The fact that we link to a Linked Site is not an endorsement, authorization, or representation of our affiliation with that third party. Those sites are beyond our control. Those other websites may place cookies or other files on your computer, collect your data, or solicit Personal Information from you. Your interactions with those Linked Sites are subject to their own privacy policies and terms of use. We encourage you to review the applicable privacy practices on each Linked Site’s privacy notice to understand how your Personal Information is collected and processed on such Linked Sites before providing your information to them. Any concerns related to the collection of information on applicable Linked Sites should be directed to the third-party’s privacy team.
“Do Not Track” Disclosure
Certain laws require us to indicate whether or not we honor your browser’s “Do Not Track” settings concerning targeted advertising. At this time, our Company adheres to the privacy practices detailed in this Privacy Notice and does not respond to Do Not Track browser requests.
No Use By Minors
Our Service is intended for use by adults only. Our Company does not promote the Service to children, and does not intentionally collect any personally identifiable information from children under the age of thirteen (13). If you believe that a person under the age of thirteen (13) has disclosed personally identifiable information through the Service, please report this to us immediately by emailing us at privacy@merits.com, with “Notice of Underage Person” in the subject line of your email, and we will remove such information from our files.
International Transfers
Our Services are hosted and operated in the United States by our Company and our third-party service providers. By using our Services, you acknowledge that your Personal Information may be transferred to or accessed, processed, and stored within the United States or other countries for the delivery of our Services. By submitting your Personal Information to us, you consent to such transfers and to the processing and storage of that information in various countries around the world, including countries other than the one in which you reside.
Where required by applicable laws, we will take appropriate measures to ensure adequate protection of Personal Information when transferred internationally and, if necessary, seek your prior consent. Such measures may include the use of data transfer agreements with Organizations or adhering to data privacy safe harbor programs. For instance, if you are located in the European Economic Area (“EEA”), we may store your Personal Information as described in this Notice outside of the EEA in countries such as the United States. When we transfer EEA Personal Information to a third party located in a country not recognised by the European Commission or a country with inadequate safeguards in place, we will take appropriate steps, such as implementing Standard Contractual Clauses with Organizations recognized by the European Commission and implementing organizational measures.
As described above under the “Information You Choose to Give Us” section, there may be Personal Information that you provide directly to us with your consent. Under applicable data privacy laws in the EEA like the General Data Protection Regulation, there are “legal bases” upon which we may process your Personal Information:
- Consent. In some cases we’ll ask for consent to use your information for specific purposes. If we do, we’ll make sure you have an appropriate mechanism through which you can revoke your consent. Even if we’re not relying on consent to use your Personal Information, we may still ask you for permission to access certain types of data like your location.
- Legitimate Interest. One reason we might use your information is because we have—or a third party has—a legitimate interest in doing so. For example, we need to use your information to provide and improve our Services, including protecting your account, collecting and sharing your Merits, or providing customer support.
- Legal obligation. We may be required to use your Personal Information to comply with the law, like when we respond to a valid legal process or need to take action to protect our users.
Should you have any other questions about international data transfers and the safeguards we have in place, please contact us.
Your California Privacy Rights
Pursuant to the California Consumer Privacy Act (“CCPA”), residents of California are entitled to additional rights and disclosures regarding their Personal Information. If you are subject to the rights offered under the CCPA, please review our Notice to California Residents for additional information on how to exercise these rights.
Applicable Law
This Privacy Notice shall be governed by, construed and entered in accordance with the laws of the State of California, applicable to contracts deemed to be made within such State, without regard to choice of law or conflict of law provisions thereof. Please review our Terms of Services for information relating to dispute resolution.
Changes to this Notice
Since we are committed to improving our Site & our Services, we may need to make changes to this Privacy Notice from time to time at our sole discretion. If we make any material changes, we will notify you by adding a statement to our website, providing you with an in-app notification, and/or sending you an email when we are required to do so by applicable law. You can see when our Privacy Notice was last updated by checking the date at the top of the Notice. By continuing to use the Services after an updated version of the Privacy Notice has been posted, you agree to be bound by the terms of the updated Privacy Notice. You are responsible for periodically reviewing this Notice to ensure that you stay informed about our practices. Should you have an objection to or a question about a change in this Notice, please contact us.
Contact Us
Data Privacy Office
You can reach our data privacy office, by reaching out to dpo@merits.com.
Privacy Issues
If you have any questions or concerns about the Privacy Notice or any privacy issues, please email us at privacy@merits.com, we can also be reached at our headquarters at 100 S. Murphy Ave Suite 200, Sunnyvale, CA 94086.