Privacy Policy

Thank you for your interest in this Privacy Policy. You are about to read more about the processing of your Personal Data by us and the rights to which you are entitled.

This Privacy Policy is for Mercado a business operated by Kapil Jiwa (Sole Trader), of 7 Jersey Road, Stanley, Falkland Islands. FIQQ 1ZZ (hereinafter “us” or “we”) and applies to how we might collect, store, use and/or share your information when you use our services(“Services”). This policy applies regardless of how you access our Services.

If you have any questions about how we handle your Personal Data or about data protection in general, you can reach us at services@mercado.co.fk or on the phone using 00500 52946.

What sources and data do we use

We process Personal Data only to the extent authorised by you personally. In doing so, we only collect and process the data that is absolutely necessary to maintain and use our Services. Personal Data may be collected in two ways, that is directly when you for example volunteer it to us or automatically for example when you install and use our APP or access the web site.

Handling of Personal Data

In the following, we would like to inform you about our handling of Personal Data when you use our Services.

As per the General Data protection Regulation (GDRP) and the UK GDRP we hold data for the purposes of:

- - Performance of a Contract. We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
  - Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.
  - Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  - Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

In legal terms, we are generally the “data controller” under European data protection laws of the personal information described in this privacy notice, since we determine the means and/or purposes of the data processing we perform. This privacy notice does not apply to the personal information we process as a “data processor” on behalf of our users. In those situations, the user that we provide services to and with whom we have entered into a data processing agreement is the “data controller” responsible for your personal information, and we merely process your information on their behalf in accordance with your instructions. If you want to know more about our customers’ privacy practices, you should read their privacy policies and direct any questions you have to them.

Data may also be processed where you have given us permission (i.e. consent) to use your personal information for a specific purpose. You can withdraw your consent at any time by contacting us. However, please note that this will not affect the lawfulness of the processing before its withdrawal, nor when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Data collection, storage and use of Personal Data

a) Contacting us

If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. The legal basis for the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your request.

b) Account and registration

If you create an account with us, we will collect and store the data you enter during registration (e.g., your e-mail address and password) exclusively for contractual services, for the fulfilment of the contract or for the purpose of customer care. At the same time, we also store your IP address and the date of your registration together with the time of day. Of course, this data will not be passed on to third parties. The data collected by us in this process will be used exclusively for the provision of the services. Insofar as you consent to this processing, Art. 6(1)(a) of the GDPR is the legal basis for the processing. You may withdraw your consent and request us to stop using your Personal Data by submitting your request to us in writing.

c) Provision of our Marketplace Services

We process the data of our users in order to enable them to select, purchase or commission the selected services and goods, including products bought or sold, offers made or received, transactions carried out, as well as associated activities and to pay for and deliver them or to execute or provide them. The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information.

Unless otherwise specified the purposes of processing are contractual performance and service, contact requests and communication, office and organisational procedures, administration, and response to requests, visit action evaluation, interest-based and behavioural marketing, profiling (creating profiles of users).

d) When using our auxiliary services

We process the data of our auxiliary services (including but not limited to procurement service, stores, events, jobs) in order to be able to provide our services as well as to ensure the security of our services and to be able to develop them further.

e) Administration, financial accounting, office organisation, contact management

We process data provided during the provision of our services in the context of administrative tasks as well as organisation of our operations, financial accounting, and compliance with legal obligations, such as archiving.

In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services.

Furthermore, based on our business interests, we store information on sellers, and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.

f) Financial Data

If you make a purchase your payment will be processed via the payment service provider Square Squareup Europe Ltd of 101 New Cavendish Street, 4th Floor, London, W1W 6XH, United Kingdom. Payment data will solely be processed through the payment system of Square.

Marketing

Insofar as you have also given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to (Art. 6(1)(a) of the GDPR).

You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission, or sometimes your consent is implied from your interactions or contractual relationship. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.

Our Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent by us or on our behalf will include a means by which you may unsubscribe or opt out.

Our newsletter is sent as part of processing on our behalf by Mailchimp (Intuit Inc) of 675 Ponce De Leon Avenue, Northeast, Suite 5000, Atlanta, GA 30308, USA to whom we pass on your e-mail address for this purpose.

Data Security

Our data processing is subject to the principle that we only process the Personal Data that is necessary for the use of our services. In doing so, we take great care to ensure that your privacy and the confidentiality of all Personal Data are always guaranteed.

All transmitted data is protected by TLS encryption. Transport Layer Security (TLS) is a protocol used to ensure secure data transmission on the Internet. The public-private key procedure is used here. This means that data encrypted with a publicly accessible key can only be decrypted again with a separate private key.

We also use technical and organisational security measures (TOMs) throughout the company to protect the data we manage from you against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.

Your data is transmitted exclusively via SSL-encrypted connections. In the process, the certificates are checked for validity and -if technically possible, in order to prevent misuse and man-in-the-middle attacks as far as possible.

Your Data is stored using the services of A2 Hosting, Inc of 2000 Hogback Rd #6, Ann Arbor, MI 48105, United States at their Amsterdam Location and only transferred if this is necessary/legally required for the execution of your orders or if you have given us your consent. We will inform you separately about details, if required by law.

Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Personal Data and children

We will not knowingly collect, use, or disclose Personal Data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.

Social media

We are present on social media on the basis of our legitimate interest. If you contact us via social media platforms, you should note that the chat history can neither be deleted by us nor by you. And that, in accordance with the DPA and GDPR, the relevant social media platform and we are jointly responsible for the processing of your data and enter into a so-called joint controller agreement.

A Joint Controller Agreement itself is very legalistic and lengthy, but in a nutshell, it clarifies how the jointly responsible parties will fulfil the obligations arising from data protection laws that are applicable to them. The legal basis for the use of the relevant social media platform is our legitimate interest, your consent or, in the case of a (pre) contractual relationship with us, the initiation of a contractual service, if any.

Transfer of data for processing on our behalf

We sometimes use specialised service providers to process your data. Our service providers are carefully selected and regularly monitored by us. They process Personal Data only on our behalf and strictly in accordance with our instructions on the basis of corresponding contracts for commissioned processing.

Information about your rights

The following rights are available to you under applicable data protection laws:

- - - Right to obtain information about the data we hold about you;
    - Right to rectify, erase or restrict the processing of your Personal Data;
    - Right to object to processing which serves our legitimate interest;
    - Right to data portability;
    - Right to complain to a supervisory authority;
    - You can revoke your consent to the collection, processing and use of your Personal Data at any time with effect for the future.

If you wish to exercise your rights, please contact us.

The Supervisory Authority

The competent data protection authority in the UK is:

The Information Commissioner`s Office (ICO)

Wycliffe House, Water Ln,

Wilmslow SK9 5AF, UK

www.ico.org.uk

Access Request

In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same using services@mercado.co.fk.

We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).

In respect of our App

The App is our iOS and Android mobile application (our”App”) operated by us.

About our APP

In principle, our APP is designed to have data protection-friendly default settings. This includes, for example, that only such Personal Data is collected that is required for the function of the APP (principle of data minimisation). As such we have made sure that as little as possible information that directly identifies you is collected.

OneSignal (for push notifications)

We use the service of OneSignal, 2194 Esperanca Avenue, Santa Clara, CA 95054 to send you push messages, provided that you have consented to receive them by granting the corresponding authorisation. OneSignal receives information about the installed app and its usage, the temporary unique device identifier, the current location linked to the temporary unique device identifier; your IP address, type of your device, type and version of your operating system, your mobile carrier, your language settings, time zone and network settings. Insofar as you consent to the use of OneSignal processing,

Authorisations and Access

We may request permission to store your APP data including your Internet Connection and Network, Camera, Photos and Gallery of your device. The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our APP may not function as intended.

Automated individual decision-making including profiling

We do not make automated decisions in individual cases, including profiling.

Uninstall

You can stop the collection of information by our APP by uninstalling it using the standard uninstall procedure for your device.

Relating to our website

When you call up our website, your browser transmits certain data to our web server for technical reasons in order to provide you with the information you have called up. To enable you to visit the website, the following data is collected, stored for a short time and used:

- - IP address
  - Date and time of the request
  - Time zone difference to Greenwich Mean Time (GMT)
  - Content of the request (specific page)
  - Operating system and its interface
  - Access status / HTTP status code
  - Amount of data transferred
  - Website from which the request came
  - Browser, language, and version of the browser software

We store this data for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than 7 years for financial record keeping and 1 year for all other purposes save where you have an account and the data may be stored for up to a year after the account has been closed.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Hosting

To provide our website, we use the services of A2 Hosting, Inc of 2000 Hogback Rd #6, Ann Arbor, MI 48105, United States at their Amsterdam Location who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website.

Use of cookies

We may use temporary and permanent cookies and will explain this below. The legal basis for the use of cookies is either your consent or our legitimate interest.

In some cases, we may use cookies to collect personal information, or that becomes personal information if we combine it with other information.

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website or use our App. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Cookies set by the website owner are called “first-party cookies.” Cookies set by parties other than the website owner are called “third-party cookies.” Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g., advertising, interactive content, and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.

Some cookies are required for technical reasons in order for our Website to operate, and we refer to these as “essential” or “strictly necessary” cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Online Properties. Third parties serve cookies through our Website and App for advertising, analytics, and other purposes.

How can I control cookies?

You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services.

If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our Services may be restricted.

Essential website cookies:

These cookies are strictly necessary to provide you with services available through our Website and to use some of its features, such as access to secure areas.

Performance and functionality cookies:

These cookies are used to enhance the performance and functionality of our Website but are non-essential to their use. However, without these cookies, certain functionality (like videos) may become unavailable.

Analytics and customization cookies:

These cookies collect information that is used either in aggregate form to help us understand how our Website are being used or how effective our marketing campaigns are, or to help us customize our Websites for you.

Advertising cookies:

These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests. These are not currently used.

Social networking cookies:

These cookies are used to enable you to share pages and content that you find interesting on our Website/App through third-party social networking and other websites. These cookies may also be used for advertising purposes.

Unclassified cookies:

These are cookies that have not yet been categorized. We are in the process of classifying these cookies with the help of their providers.

How can I control cookies on my browser?

As the means by which you can refuse cookies through your web browser controls vary from browser to browser, you should visit your browser’s help menu for more information.

In addition, most advertising networks offer you a way to opt out of targeted advertising.

General

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us using services@mercado.co.fk.

Delete your data and account

If you believe that the personal data, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please contact us.

Changes and Updates

We may update this privacy policy from time to time. Updates to this privacy policy will be published on our website. Changes will apply from the time of their publication on our website. We therefore recommend that you visit this page regularly to find out about any updates that may have been made.

Concerns and Contact

If you have any concerns about a possible compromise of your privacy or misuse of your Personal Data on our part, or any other questions or comments, or wish to exercise your rights under applicable laws, please contact us.

This Privacy Policy was last updated on Monday, 09 January 2023.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.