Privacy notice

Controller

MertAGI OÜ is the controller. Registry code and registered address: TBA. Privacy and rights requests may be sent to hello@mertagi.com.

Information we process

  • Identity and contact details, including your name, email address and country.
  • The role in which you apply: merchant, future founder or investor.
  • Company and trade profile information, such as company name, country, age, revenue range, trade model, product categories and website.
  • For future founders, planned categories and timing; for investors, organisation, investor type and indicative ticket range.
  • Your optional message, selected plan, language, marketing preference and application reference.
  • Limited technical and security data needed to deliver and protect the form, such as request time and network address used for rate limiting. The current site does not use advertising cookies or production analytics.

Why we use it and our legal bases

  • To receive, assess and respond to your access request and take steps at your request before a possible contract (GDPR Article 6(1)(b)).
  • To secure the form, prevent abuse, maintain application records and improve the application process where our legitimate interests do not override your rights (Article 6(1)(f)).
  • To send optional product or access updates when you actively consent (Article 6(1)(a)). You may withdraw that consent at any time without affecting earlier processing.
  • To meet applicable legal obligations where required (Article 6(1)(c)).

Application and acknowledgement emails

When you submit the form, the website attempts to deliver your application to form@mertagi.com. Receipt is confirmed only after that internal delivery succeeds. We then attempt to send a role-specific acknowledgement to the address you supplied, and the result screen states whether it was sent. The acknowledgement does not create an account. We will not request a password or banking credential by email.

Recipients and international transfers

Access is limited to authorised MertAGI personnel and service providers needed for website hosting, security and email delivery. We do not sell application data. Where a recipient processes data outside the EEA, MertAGI will use an applicable GDPR transfer mechanism and supplementary safeguards. A current processor list may be requested from hello@mertagi.com and will be published before merchant access opens.

Retention

If no service relationship follows, application records are kept for up to 12 months after the last substantive contact, then deleted or anonymised unless a legal claim or obligation requires longer retention. Optional update preferences are kept until consent is withdrawn or the list is retired. Security and rate-limit records are kept only as long as reasonably needed, normally no more than 90 days.

MertAGI Operator and automated decisions

The public MertAGI Operator is an automated product-information assistant. In the current website version, questions are matched in your browser to published answers and are not used to make legal or similarly significant decisions about you. Access applications are reviewed individually; no solely automated acceptance or rejection decision is made.

Your rights

Subject to the GDPR, you may request access, rectification, erasure, restriction or portability, object to processing based on legitimate interests, and withdraw consent. Contact hello@mertagi.com. You may also complain to the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local EEA supervisory authority.