FAQ AVG/GDPR
- Chris
- Heather Camp Lopes
From May 25, 2018, the GDPR has come into effect in Europe.
Below you will find answers to some important questions regarding the GDPR.
These are of a general nature and apply to all Mercell Source-to-Contract solutions.
Is Mercell Source-to-Contract ready for the GDPR?
Yes, Mercell Source-to-Contract complies with the GDPR guidelines.
Are the personal data stored in Mercell Source-to-Contract solutions shared with others?
Mercell Source-to-Contract never shares personal data with others.
Has Mercell Source-to-Contract implemented technical measures to ensure the security of personal data?
Mercell Source-to-Contract has taken all technical measures necessary for the security of personal data, in accordance with applicable standards.
Can Mercell Source-to-Contract delete personal data from the software solutions?
That is possible. However, only the person who manages the Mercell Source-to-Contract account of an organization can request deletion of personal data. This person is considered the representative of the Data Controller. If an individual (referred to as Data Subject in the GDPR) wants to be deleted, they should contact the representative (administrator) of the organization account.
Note: If you have participated in tenders, please be aware that your account, and thus your personal data, cannot be deleted due to legal archiving grounds.
Does Mercell Source-to-Contract also process 'Special' personal data?
Mercell Source-to-Contract is not designed with the intention of processing 'Special' personal data.
The Mercell Source-to-Contract platform is suitable for processing 'ordinary personal data' of its users and is not specifically designed for processing 'special' personal data.
Special personal data includes:
Religion or belief;
Race;
Political preference;
Health;
Sexual orientation;
Membership of a trade union;
Criminal record;
Citizen service number (BSN).
How does Mercell Source-to-Contract handle personal data in case a Dynamic Purchasing System is set up?
The policy of Mercell Source-to-Contract and the advice to Customers, in the case of a DPS, is not to request special data. It is the responsibility of our Customers to determine which (personal) data are requested.
Can Mercell Source-to-Contract delete personal data from a tender?
Our customers own the content of a tender and are responsible for the personal data therein. Only upon request from the representative of the data controller can Mercell Source-to-Contract investigate whether data can be deleted from a tender. This should be done through a written request via privacy@mercell.com.
Has Mercell Source-to-Contract ever experienced a data breach of personal data?
No