Privacy Policy

What are personal data?

Personal data is information that tells something about you. It is any information relating to an identified or identifiable natural person.

You share personal information with us if you are a customer or if you have contact with us. Think of your name, telephone number, IP address or e-mail address, or your bank account details for buying services. It can also be an identification number, location data, an online identifier or a specific physical, physiological, genetic, mental, economic, cultural or social identity aspect of you. In short, it concerns all data that we can, directly or indirectly, relate to you.

Are you self-employed, do you have a sole proprietorship, VOF or partnership? Then we see you as a person with regard to the GDPR since we process data that tells us something about you, directly or indirectly.

What do you mean by processing of personal data?

Processing is a very broad concept from privacy law. It is all about what you can do with personal data, ranging from collecting to destruction.

The GDPR defines the processing of personal data as any processing of personal data or a set of personal data, whether or not carried out via automated procedures, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Who are controllers, processors and sub-processors?

Controller is the entity or person that determines purposes and means of processing personal data of the EU resident. The processor simply processes personal data on behalf of the controller.

The GDPR applies to both data controllers and processors. Controllers collect data from the end-user that is the EU resident, for purposes clearly stated and with appropriate consent. Data processors provide services to the controller in accordance with each controller’s instructions.

Finally the category called sub-processors or third-party businesses performing data processing for other companies are also accountable for protection of personal data.

What consent do I need to give?


Consent to use your personal information as client details: name, function, email, location and adress. This is information that you give us when creating a client account. We use it to provide you with acces to your client account and gather payment for services ordered.

Consent to handle your personal and business data for performing the services, which may contain personal data, such as details of signatories to a contract or personnel in a project. Your business data makes up the input that the experts need to provide you with our services. In Meritable’s case business data refers to contract data, supply chain performance data, business plans and financial data, in other words data on the products and services you bought in the past or may buy in the future. We use it to provide you with accurate professional advice.

Consent to transfer data on your website visits outside the EU for security checks via USA servers of Defiant Inc. in order to get data like the latest URL’s from the Google Safe Browsing list, to verify source code integrity and to check if a domain is a known source of spam or infections. For this purpose we occasionally send aggregated data to secured Defiant servers for analysis when detecting spam, malware or attacks. This data can not be used to de-anonymize a site visitor, client or project. It is needed to protect our company and customer data from security attacks.


Consent to perform website analytics to improve your customer experience and use Google Analytics, a web analytics service provided by Google Inc. (“Google”) for Analytics to help us analyze how visitors use the site. The anonymous information generated by the cookie about your use of the website is transferred to and stored by Google on servers in the United States. Google uses this information to keep track of how this website is used, to compile reports on the website activity for Meritable and to offer other services relating to website activity and internet use. Google will not combine your IP address with other data held by Google. You can refuse the use of cookies by choosing the appropriate settings in our cookie settings or your own browser. However, we would like to point out that in that case you may not be able to use all the features of this website.

Consent to send marketing messages. We want to bring to your attention new features, service enhancements, updates and ways to get the most out of our services, as well as inform you about new services and exclusive offers of Meritable services. You can withdraw this consent at any time and this will have no impact on your Meritable services or account use.

Which personal data do we collect?

We collect personal data about visitors of our websites and users of our services. The most common information we collect are: user names, membership names, email addresses, other contact details, IP addresses, location data, browser and hardware data, payment information, transaction details, support questions, forum comments and web analytics data.

  1. Meritable may collect information about how you use our website and / or services by placing cookies and similar techniques, and our servers may collect information when you log into our websites. Depending on the website and / or services that you use, this information is anonymous or can be traced back to you. For our use of cookies and similar techniques you can read our Cookie articles below.
  2. For the execution of our services you provide information about you and your company to us. Meritable can therefore receive personal data when executing our services to your company for the preparation of contracts and other documents, executing projects, processing payments and reporting.
  3. Meritable may collect personal information when you apply for a job with us, and we may use this information to assess a candidate for suitability. We only use this information for application purposes.

How do we collect personal data?

We may collect personal data that you provide directly to us, or automated if you visit or use our Websites, Apps and/or Service(s).

When you provide us with personal data via Meritable Websites, Apps and/or Service(s), you agree that we collect and use this information in line with this privacy policy and the Terms of Service. It is very likely that you provide personal information if you register for our Websites, Apps and/or Service(s), or if you use Meritable Legal Forms, or use our Consultancy Services, Procurement Outsourcing Services, register for our newsletter, email list, give feedback or communicate with us via the Websites, Apps, chat or email.

Phone calls can be recorded and included in client records with a view to improving the quality of services, training, coaching and assessment of employees or evidence purposes. These recordings of telephone conversations are protected and stored in such a way that they are not accessible to unauthorized persons. The recordings of telephone conversations are destroyed after a while in line with our record retention policy.

By starting a chat you give us permission to register this conversation. For this we can view the history in case of a follow-up to simply answer your questions, give feedback or provide our Service(s). In addition, we measure the quality to improve our Websites, Apps and/or Service(s). We only use the collected data for our internal purposes. We never sell your data.

If you choose not to provide personal data, it is possible that we cannot provide you with all functionality of our Websites, Apps or simply cannot provide our Service(s). You cannot perform transactions through our Websites, Apps or obtain services from us.

What do we collect personal data for?

Implement and perform our agreements

With your personal data we can for example:·

  • Contact you·
  • Investigate whether you can become a customer with us·
  • Assess and regulate your application for or modification of a product or service·
  • Perform your assignments·
  • Put your details in our administration and update them if there are changes·
  • Manage your services·
  • Obtain payment for our services

Reduce risks

Just like others, we share responsibility for the safety of you, ours, all our customers and the sector we work in. You notice this for example:· We investigate in advance who you are

You may not notice any of this, but we do:·

  • We keep your IP address when you visit our sites. In preventing and dealing with fraud, we find out who is behind the IP address.·
  • We provide good security. Think of user names, passwords and audit questions.
  • We invest in resources that protect you and us from all kinds of crime.·
  • We carry out internal quality research into possible problems and risks and check whether legislation has been implemented properly.·
  • We use warning systems from security companies against cybercrime, because of course we do not want customers that put Meritable at risk.·
  • We want to ensure that we remain a healthy company.

Compliance, abiding by the law

A variety of legal obligations apply to our company.

  • When you want to purchase a service we identify you when you become a customer (identification obligation): we check that you are really the person you say you are and we keep a copy of this verification.
  • We are obligated to keep records of the contracts, transactions and services performed for customers and services obtained from suppliers.
  • We process your data when we have a legal obligation to do so, for example when we respond to legal proceedings or enforceable requests from government agencies.

Perform marketing activities

We will keep you informed, for example via e-mails, newsletters, offers on our website or apps that we make available for you. In certain cases, we provide personalized content or advertisements on apps, other parties’ sites or social media. Personal data is also required for this.

We can do this:·

  • We look at which products or services you purchase from us·
  • We collect your choices and searches when you, for example, visit our web pages or apps and open e-mails such as the newsletter. For example, you may be interested in purchasing services if you visit a page about purchasing.·
  • We can combine data we have collected ourselves with personal data and general data from other sources.·
  • We can use your personal data to show you interesting and relevant information on social media.

Perform functional tracking

While you visit our website we keep track of certain items for functional purposes of handling transactions and contracts correctly for tax or currency purposes and to keep track of questions you asked as part of our customer support via email, chat or forms.

  • We track your language settings and location in order to serve pages in the right language;
  • We track whether you have added services to your shopping basket in order to handle orders;
  • We track when you switch language or currency on our website in order to calculate correct taxes or service fees depending on your location;
  • We track whether you are logged in on your account in order to serve the correct pages to make sure these pages are only visible to you, such as:
    • We provide the status of your order for services and the status of the performance of the services based on the client data you entered when ordering the services;
    • We track open chat sessions or service tickets in order to meet our support requirements and provide you with answers to your questions you ask us via email, messaging, chat or phone.

Improve and innovate

We also use personal data to make our service much more personal. We do this by combining and analyzing them. These analyzes bring us to new ideas and better solutions.

This is how we can:·

  • Solve the cause of complaints, improve pages and forms on our sites and speed up processes.·
  • Improve security.·
  • Measure how customers use our services and what the result of a campaign is, and if necessary, improve things.·
  • Develop new services, including our sites or apps and tools.·
  • Making reports of our analyzes and insights and thus providing information services on an aggregate level.

When analyzing, we delete the personal data that we do not need. We can bundle data at a certain level of abstraction (aggregate), encrypt it or make it anonymous.

We also make different profiles (segmenting) of customers with the same characteristics or behavior.·

  • We choose which service best suits a group of customers. For example, small businesses need a legal support desk rather than large companies with their own legal department. We align our offer accordingly.· We can offer you a personal offer.
  • We try to recognize the behavior of fraudsters or cyber criminals so that we can prevent and tackle fraud or crime.·

Personal data that we collect about you via third parties

In general, we collect personal data directly from you. We may collect personal information about you via third parties through the use of cookies, web beacons and other analytics software or services, such as the services of Google Analytics and Google Tag Manager.

In addition to the information we receive from you, we can obtain information from external sources that we believe to be reliable, such as LinkedIn. When processing personal data, we ensure that only personal data are processed that are accurate, adequate, relevant and not excessive.

Cookies and web analytics

This website uses Google Analytics and Google Tag Manager, a web analytics service provided by Google Inc. (“Google”) for Analytics. Google Analytics uses cookies to help the website analyze how visitors use the site. The anonymous information generated by the cookie about your use of the website is transferred to and stored by Google on servers in the United States. Google uses this information to keep track of how this website is used, to compile reports on the website activity for the owner of this website (Meritable Services BV) and to offer other services relating to website activity and internet use. Google may only provide this information to third parties if Google is legally obliged to do so, or insofar as these third parties process the information on behalf of Google. Google will not combine your IP address with other data held by Google. You can refuse the use of cookies by choosing the appropriate settings in our cookie settings or your own browser. However, we would like to point out that in that case you may not be able to use all the features of this website.

When you visit our websites, there is certain generic and anonymous information that we can collect. If you log into our website, this information can be associated with your account. Hereby we refer to information such as:
Your geographic location (approximate, such as country or city of your IP)
basic domain information;
your Internet service provider is sometimes identified depending on the settings of your ISP configuration;
the date and time of your visit to our websites;
the length of your session;
the pages you have visited;
the number of times you visited our websites in a certain period, such as a month;
the size of file you view;
the website you referred to us;
the operating system of your computer.
No personal data is collected through these cookies unless you register for an account and/or log into your account. Th cookie information is stored separately from your personal data.

What are cookies and web beacons?

We use two types of tracking techniques on our websites:

Cookies: these are small data files that are sent from a server to your web browser or mobile phone and stored in your browser or mobile phone. You can check whether you accept cookies or not via your browser settings.

Web beacons: these are small graphic files with a unique identifier similar to cookies. These files are used to monitor the use of the websites and / or services. Unlike cookies, web beacons are processed in our websites themselves.

What do we use these cookie and web beacon tracking techniques for?

We use tracking techniques for the following purposes:

  • To allow our websites, products and / or services to function properly;
  • To understand how our websites and / or services function and to identify improvements in functionality;
  • Improving and personalizing your experience on our websites and / or services and providing additional functionality, such as recording which purchases you have made through our websites;
  • Gather relevant data that catches on delivering marketing and advertising content based on your preferences.

Meritable uses third-party services that use various tracking techniques to provide certain services or functionality of our websites and / or services, including online marketing. These third-party services use cookies to collect anonymous data and allow them to distinguish your computer or mobile phone when you visit our websites. We may use third-party products and services, such as advertising companies, to show you content based on your previous visit to our websites. These companies use cookies to collect data anonymously. No personal data is collected through these cookies. This information is stored separately from your personal data, file or contract details.

Your options regarding cookies and web beacons

You can change your cookie settings for this website at the cookie settings of the cookie notice of our website.

  • You can set your cookie preferences via the settings of your browser whether you accept cookies, or not, or receive a notification when we place a cookie.
  • You can use an opt-out for all third-party advertisement cookies via the settings of your browser.
  • If you do not accept cookies or web beacons through the settings of your browser, this may result in some of the functionality of our websites and / or services not functioning.

No information about children

Since our Websites, Apps and/or Service(s) are intended for the business market, professionals and entrepreneurs, our Websites, Apps and/or Service(s) are not directed at persons under the age of 18. If you are younger than 18, we ask you not to use our Websites, Apps and/or Service(s). It is the responsibility of parents and carers to monitor the use of our Websites, Apps and/or Service(s) by persons under 18 years of age.

How can I access my personal data?

You can access the information we collect from you by logging into your account. You also have the right to request access to additional information that we collect and you have the right to request corrections for any errors in this information. You can also close your account with us. To make a request for access to personal data or correction thereof, please contact the service desk.

Choices and control over your personal data

When we have your consent, we can send you marketing material about services that we think you may find interesting. You have the option of stopping such communication if you no longer wish to receive these messages in the future.

If your email address has been changed and you wish to continue receiving our email updates, you can log in to your account and change your email address, and you can then register again to receive our email updates.

You also have choices about accepting cookies. By changing the settings on our website for the cookie settings or changing the settings of your browser, you have the option to block or accept cookies. If you choose to refuse all cookies then it is possible that parts of our websites and / or services do not function properly.

When can we share your personal data?

We share your personal data with third parties, only in the follwoing cases:

  • It is legally required to provide your information;
  • It is necessary for the execution of the agreement with you;
  • It is necessary to provide your data for a we legitimate interest;
  • you have given your consent.

We may share your personal data on the grounds mentioned above with persons, such as:

  • Employees of Meritable;
  • Companies that are part of the Meritable group of companies, namely all subsidiaries of Meritable B.V .;
  • Subcontractors, suppliers and service providers who assist us in making the websites available and providing our services;
  • Our professional consultants, such as accountants, lawyers, public notary or certification consultants;
  • Regulators and government institutions in relation to compliance procedures and legal obligations;
  • A buyer or potential buyer of part or all of our assets or our company, and their professional advisors, in connection with the sale of (a part of) the company;
  • Other persons who are authorized by law to view this data, or persons to whom we must provide this information on the basis of a legal duty.

We use an international network of subcontractors, suppliers and service providers to make our website available and deliver our services. Some subcontractors and suppliers to whom we provide your personal data, such as cloud service providers, are located outside the Netherlands. To protect your information, we only try to work with subcontractors and service providers that we believe have acceptable security standards for data security.

Information that you disclose or give to others

If you disclose personal data or give it to third parties or people not affiliated to Meritable, we can not control the use of it, and we accept no responsibility for the use of this information by others. There are many ways in which you can provide information to third parties, such as posting a public comment or sharing information via social media. Before you share information with third parties, it is wise to think about this. If you wish to share information with third parties, please check in advance how they will deal with this information. If you share information via another website or social media, please read the privacy policy of such a website or social media service as this privacy policy does not apply.

When we update this privacy policy

It may be necessary to adjust this privacy policy from time to time to ensure that this policy remains up to date with the latest legal requirements and our privacy measures. When we update this privacy policy, the changes are immediately applicable. Even though we normally publish information about changing this privacy policy, it is the responsibility of the user to stay up to date with changes to this privacy policy.

How can you contact us

There is a separate privacy tab on your account page where you can submit your privacy request.

If you have questions about our privacy policy, you can simply contact us.

What happens if I do not give the consents to process my personal data?

If you withhold any of the mandatory consents, you won’t be able to use our services anymore, and your account and data will be deleted after the record retention period has passed. We will notify you by email two weeks before the deletion, and you still have a chance to give the consents and cancel the deletion. We will retain records of transaction details and services performed for the required legal record retention period.

If you want to withdraw any of the consents once you have given them, you can always do so on the account dashboard page. However, please note that this will prevent you from using some or all of our services while you may still be required to pay the fees based on terms of our agreement.

The consent to perform website analytics or receive marketing messages is voluntary, and it does not affect your use of our services.

Where do you store my personal data and business information?

Meritable is a Europe-based company that offers and supports services in Europe. Our client and project data is encrypted and stored on servers located in the EU (Belgium) on secure world class data storage platforms from Google. All the suppliers involved in providing Meritable services to our customers are chosen carefully. You can review the list of these vendors upon request.

What are my GDPR rights?

Information and access

You can obtain information regarding the processing of your personal information and may have access to the personal information which we hold about you.


You can request that we correct your personal information if it is inaccurate or incomplete.


You can request that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information but we are legally entitled to retain it.

Data transfer / data portability

In some circumstances, you can receive some personal information in a structured, commonly used and commercially-acceptable machine-readable format or requesting that we transmit your information, which you have provided to us, where this is technically feasible


You can object to, and request that we restrict, our processing of your personal information in certain circumstances. There may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request.

Limit processing

You can object to, and request that we restrict, our processing of your personal information in certain circumstances. There may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request.

No automated individual decision making

We refrain for processing practices which would subject you to automated decision making.

How can I exercise my GDPR rights?

You can view, modify and download your data via the dashboard. You can request your data or request removal via our request page on your account page.

How is the data protected?

Meritable protects the data by using technical, physical and administrative security measures designed to prevent unauthorized access to Meritable systems. For example, we use encryption techniques, pseudonymization/anonymization, and other security technologies and our servers are protected by firewalls.

When do I hear from you when I have submitted a GDPR request?

Normally you will receive an answer within 30 days. In many cases we can answer you faster or you can view, modify and / or download data directly via the dashboard. If it turns out that we need more time, you will hear from us as soon as possible.

How long do you store my personal data?

We retain the personal data for as long as we are required by our agreement, the law and as long as necessary for the purpose for which we use the data.

  • We have an obligation to retain our bookkeeping records and financial administrative documents (ledgers, debtors, creditors, tax and salary administration) for a period of 7 years, which term starts at the closing of the relevant book year.
  • We are obliged to retain HR records, such as personnel identification (name, address, birth date, tax declarations, identification number) for a term of 5 years, which term starts at the end of the employment period or assignment term.
  • We also retain records on job applicants for 10 years for hired applicants, which term starts at the end of the employment period.
  • We keep records of applicants who were not hired for a period of one year, which starts at the closing of the recruitment process.
  • We retain records on client or case files, such as offers made, intake documents, correspondence, contract or tender documentation, case files, or invoices for a term of 7 years, which term starts upon termination of the agreement or the termination of the client relationship, whichever is the latest.

Do you process sensitive data?

We do not record sensitive data relating to your health, criminal data, ethnicity, religious or political beliefs unless it is strictly required. When we do this, it is limited to very specific circumstances. We can process information on fraud as evidence of a crime, which is considered criminal data of which we make a record. In certain cases we may be legally obliged to keep a copy of your passport. In such a case we will explicitly request this information from you.