Privacy Policy

1. Introduction

Your data is in good hands with us. At Flyp Pte Ltd, trading as Mercu, we are committed to protecting your personal data and complying with GDPR and other relevant data protection regulations. This privacy policy explains how we collect, use, and protect your personal data when you visit our website, use our services, or interact with us.

Company Information:

2. Our Data Protection Principles

  • Transparency: We disclose our data processing practices clearly.
  • Data Minimization: We collect only the data necessary for our business operations.
  • Purpose Limitation: We process data only for specified and legitimate purposes.
  • Security: We secure our systems against intrusion and cyber-crime and conduct third-party greybox penetration tests annually.
  • Responsibility: We work with reliable service providers and ensure they comply with GDPR.
  • Retention: We process data only as long as necessary.

3. Data We Collect and How We Use It

We collect and process various types of personal data for different purposes:

When You Visit Our Marketing Websites:

  • Data Collected: IP address, browser type and version, operating system, geolocation, login information, time zone setting, and browsing behaviour.
  • Purpose: To ensure website functionality, security, and to provide an excellent user experience.
  • Legal Basis: Legitimate interests and consent for marketing activities.
  • Retention: Data is retained for up to 12 months after your last interaction with our website or until consent is revoked.

When You Use Our Contact Form, Call Us, Send Us an Email, Or Contact Us via WhatsApp:

  • Data Collected: First name, last name, company information, email, phone number, and your request details.
  • Purpose: To respond to your inquiries and provide customer support.
  • Legal Basis: Contract necessity.
  • Retention: Data is retained for up to 12 months after your inquiry is resolved or until consent is revoked.

When You Become a Mercu Customer:

  • Data Collected: First name, last name, email, phone number, company information, payment information, employee and candidate information (including but not limited to first name, last name, email, phone number, resume details, work location).
  • Purpose: To deliver Mercu's services for high-volume hiring, training, and communications.
  • Legal Basis: Contract necessity.
  • Retention: Data is retained for the duration of the contract and up to 7 years after termination, depending on legal and contractual obligations.

When You Engage with Mercu as a Candidate or Employee:

  • Data Collected: First name, last name, email, phone number, address, resume information, employment and/or application details.
  • Purpose: To enable your current or past employer to train and communicate with you regarding your employment; or to enable your prospective employer to efficiently process your application for employment.
  • Legal Basis: Contract necessity.
  • Retention: Data is retained for the duration of your employment/application process and up to 7 years after termination, depending on legal and contractual obligations.

When You Exercise Your Data Subject Rights:

  • Data Collected: First name, last name, email, address, phone numbers, content of the request.
  • Purpose: To fulfill your requests and comply with legal requirements.
  • Legal Basis: Legal obligation.
  • Retention: Data is retained for up to 2 years after the request is fulfilled.

4. Sharing and Disclosure of Your Data

We share your data with trusted third-party service providers for specific purposes, such as business operations, marketing, customer support, and website functionality. For detailed information on the companies we may share data with, please visit this link.

5. International Data Transfers

We store all data on AWS in the ap-southeast-1 region. When transferring your data outside the EEA/UK/Switzerland, we ensure adequate safeguards are in place, such as Standard Contractual Clauses and ensuring that third-party providers comply with GDPR requirements.

6. Data Security Measures

We are fully SOC 2 Type 2 compliant, implementing rigorous technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, and destruction. These measures include encryption, access controls, and regular security assessments. Please reach out to us for our SOC2 Type2 report as well as our latest grey-box penetration test at accounts@mercu.com.

7. Your Privacy Rights

Under GDPR, you have the right to:

  • Access: Request access to your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request the deletion of your data.
  • Restriction: Restrict processing under certain conditions.
  • Data Portability: Receive your data in a portable format.
  • Object: Object to data processing, especially for direct marketing purposes.

For more details on your rights, please visit this link.

8. Use of Cookies and Tracking Technologies

Cookies are used to enhance your browsing experience. Essential cookies are necessary for website functionality and do not require consent. For other cookies, we ask for your consent.

9. Privacy Policies of Other Websites

Our website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

10. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will inform you of any changes via email. The date of the latest update will be indicated at the end of this policy.

11. How to Contact Us

If you have any questions about this privacy policy or our data processing practices, please contact us at:

12. How to Contact the Appropriate Authorities

If you have any concerns or complaints about how we handle your data, you can contact our DPO or the relevant data protection authority:

  • EEA: List of supervisory authorities available here.
  • UK: Information Commissioner's Office (ICO) at ico.org.uk.
  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch.

Data Protection Officer:

Version & Changelog

v1.1 - amended on July 3rd, 2024
v1.0 - adopted on January 20th, 2023

A high-volume hiring experience that your recruiters and candidates will thank you for.

Mercu Hire automates repetitive and time-consuming tasks when hiring frontline staff: Interview scheduling, interview reminders, and candidate questions. All while delivering the most engaging candidate experience available on the market.