Privacy Policy

1. Legal Basis & Compliance

We process personal data in accordance with:

• European Union: General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679
• Italy: Legislative Decree 196/2003 (Privacy Code) as amended by Legislative Decree 101/2018
• United States: California Consumer Privacy Act (CCPA) and applicable state privacy laws
• International: EU-US Data Privacy Framework for data transfers

2. Information We Collect

2.1 Information You Provide

• Contact Information: Name, email address when you contact us or download whitepapers
• Account Data: MQL5 username (if provided) for product support
• Communications: Content of emails and support requests
• Payment Information: Processed exclusively through MQL5 Market (we do not store payment details)

2.2 Information Automatically Collected

• Technical Data: IP address, browser type, operating system, referring URLs
• Usage Data: Pages visited, time spent on site, click patterns
• Cookies: Session cookies and analytics cookies (see Section 8)

3. Legal Bases for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

• Consent (Art. 6.1.a): For newsletter subscriptions and marketing communications
• Contract (Art. 6.1.b): To provide products, support, and fulfill license agreements
• Legal Obligations (Art. 6.1.c): For tax records and regulatory compliance
• Legitimate Interests (Art. 6.1.f): For fraud prevention, security, and service improvements

4. How We Use Your Information

• Provide and maintain our products and services
• Send product updates and technical notifications
• Respond to support requests and customer service inquiries
• Process whitepaper download requests via Web3Forms
• Comply with legal obligations and enforce our terms
• Detect and prevent fraud, security breaches, and technical issues
• Analyze usage patterns to improve our products (aggregated data only)

5. Data Sharing & Third Parties

5.1 Service Providers

• Web3Forms: Email form processing (USA-based, Privacy Shield compliant)
• MQL5 Market: Payment processing and product distribution
• Hosting Provider: Website and data hosting services

5.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or when necessary to protect our rights, privacy, safety, property, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or asset sale, your personal information may be transferred with appropriate confidentiality agreements.

6. International Data Transfers

Your data may be transferred outside the European Economic Area (EEA). We ensure appropriate safeguards through:

• EU-US Data Privacy Framework certification for US transfers
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable

7. Your Rights Under GDPR

• Right to Access (Art. 15): Request a copy of your personal data
• Right to Rectification (Art. 16): Request correction of inaccurate data
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing (Art. 18): Request limited use of your data
• Right to Data Portability (Art. 20): Receive your data in a machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time for consent-based processing
• Right to Lodge a Complaint (Art. 77): File a complaint with your supervisory authority

To exercise any of these rights, contact us at: contact@merkavalabs.com

We will respond to your request within 30 days as required by GDPR Article 12.

8. Cookie Policy

8.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality (no consent needed)
• Analytics Cookies: Help us understand site usage (consent required)
• Preference Cookies: Remember your settings and preferences

8.2 Managing Cookies

You can control cookies through your browser settings:

• Chrome: Settings → Privacy and security → Cookies
• Firefox: Settings → Privacy & Security → Cookies
• Safari: Preferences → Privacy → Cookies
• Edge: Settings → Privacy, search, and services → Cookies

9. Data Retention

We retain personal data based on the following criteria:

• Customer Data: Duration of business relationship plus 10 years (Italian tax law)
• Support Requests: 3 years from resolution
• Marketing Consent: Until withdrawn or 2 years of inactivity
• Website Analytics: 26 months (aggregated data)
• Legal Records: As required by applicable law

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

• SSL/TLS encryption for data transmission
• Encrypted storage for sensitive information
• Access controls and authentication systems
• Regular security audits and updates
• Data breach notification procedures (within 72 hours to authorities as per GDPR)

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware of such collection, we will delete the information immediately.

12. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell personal data)
• Right to non-discrimination for exercising privacy rights

13. Italian Supervisory Authority

For Italian residents, you may lodge a complaint with:

Garante per la protezione dei dati personali
Piazza Venezia 11 - 00187 Roma
Website: www.garanteprivacy.it
Email: garante@gpdp.it

14. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Posting a prominent notice on our website
• Sending an email to registered users (if applicable)
• Updating the "Last Updated" date

15. Contact Information