Back to siteMercury Evidentia

Privacy Policy

Last updated: December 12, 2024

1. Introduction

This Privacy Policy describes how Mercury Evidentia (hereinafter "we", "our" or "Company") collects, uses, stores, and protects the personal data of users (hereinafter "you", "your" or "User") who use our document management and digital signature platform.

We are committed to protecting your privacy and processing your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and other applicable data protection legislation.

2. Data Controller

The Data Controller for personal data processing is:

JPMERCURY LLC

539 W. Commerce St # 3691, Dallas, TX 75208, USA
[email protected]
Wyoming Entity #: 2024-001547189

3. Personal Data Collected

We collect the following categories of personal data:

3.1 Data provided by the User

  • Registration data: first name, last name, email address, phone number, password
  • Business data: company name, VAT number, tax code, certified email (PEC)
  • Payment data: information necessary for payment processing
  • Documents: files uploaded to the platform for storage and digital signature
  • Digital certificates: information contained in certificates used for signing

3.2 Automatically collected data

  • Technical data: IP address, browser type, operating system, device used
  • Usage data: pages visited, time spent, actions performed on the platform
  • Cookies and similar technologies: as described in our Cookie Policy
  • System logs: activity timestamps for security and audit purposes

4. Purposes of Processing

Your personal data is processed for the following purposes:

4.1 Contract performance

  • Creation and management of your account
  • Provision of document storage and digital signature services
  • Payment management and invoicing
  • Customer support and technical assistance

4.2 Legal obligations

  • Document retention for tax and legal obligations
  • Responding to requests from competent authorities
  • Compliance with digital signature regulations

4.3 Legitimate interest

  • Prevention of fraud and illegal activities
  • Platform and data security
  • Improvement of our services
  • Anonymous statistical analysis of usage

4.4 With your consent

  • Sending marketing communications
  • Use of analytics and marketing cookies
  • Newsletter and product updates

5. Legal Basis for Processing

The processing of your data is based on the following legal bases:

  • Art. 6(1)(a) GDPR: Consent of the data subject (for marketing and non-essential cookies)
  • Art. 6(1)(b) GDPR: Performance of a contract
  • Art. 6(1)(c) GDPR: Compliance with legal obligations
  • Art. 6(1)(f) GDPR: Legitimate interest of the Controller

6. Retention Period

Your personal data is retained for the time necessary to fulfil the purposes for which it was collected:

  • Account data: for the duration of the contractual relationship and 10 years thereafter
  • Signed documents: according to legally required retention periods (minimum 10 years)
  • Billing data: 10 years from the date of the last invoice
  • Security logs: 12 months
  • Marketing data: until consent is withdrawn

7. Data Sharing

Your data may be shared with:

  • Service providers: hosting, payments, email (solely for service delivery)
  • Accredited certifiers: for the issuance of digital signature certificates
  • Competent authorities: when required by law

We do not sell or share your personal data with third parties for marketing purposes without your explicit consent.

8. International Transfers

Your data is primarily stored within the European Union. Should it be necessary to transfer data outside the European Economic Area, we ensure that adequate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other safeguards provided for by the GDPR

9. Your Rights

As a data subject, you have the right to:

  • Access: obtain confirmation of processing and access your data
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of your data ("right to be forgotten")
  • Restriction: restrict processing of your data in certain cases
  • Portability: receive your data in a structured format and transfer it
  • Objection: object to processing on legitimate grounds
  • Withdraw consent: withdraw consent at any time

To exercise these rights, contact us at: [email protected]

You also have the right to lodge a complaint with the competent supervisory authority (in Italy: Garante per la Protezione dei Dati Personali - www.garanteprivacy.it).

10. Security Measures

We adopt appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Two-factor authentication (2FA)
  • Role-based access controls
  • Continuous threat monitoring
  • Regular backups and disaster recovery plans
  • Staff training on data security

11. Minors

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, please contact us immediately.

12. Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be published on this page with an indication of the date of the last update. We encourage you to review this page periodically.

In the event of substantial changes, we will notify you by email or through a notice on the platform.

13. Contact

For any questions regarding this Privacy Policy or the processing of your personal data, you can contact us:

Mercury Evidentia