Privacy Policy — Meritioum

Privacy Policy

Last updated: May 2026
Meritioum is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what data we collect when you visit this website or purchase a consultation service, why we collect it, and what rights you have under the GDPR. If you have questions, contact us at meritioum@outlook.com.

1 Data Controller

The Data Controller responsible for the processing of your personal data is:

Meritioum
Website: meritioum.com
Email: meritioum@outlook.com

This website does not have a designated Data Protection Officer (DPO), as one is not required under Article 37 GDPR for this type and scale of processing.

2 Personal Data We Collect

We collect the following categories of personal data depending on how you interact with this website:

Category | Data | How Collected
Browsing data | IP address, browser type, OS, pages visited, visit duration, referring URL | Automatically via cookies when you visit the site
Contact data | Name, email address, message content | Voluntarily via the contact form
Payment & billing data | Name, email, billing address, payment method (processed exclusively by our payment provider — we do not store card numbers or CVV codes on our systems) | When purchasing a consultation service
Consultation data | Information shared during a session (e.g. career history, CV content, professional background) | Provided directly by you during the service

We do not collect special categories of personal data under Article 9 GDPR (health data, racial or ethnic origin, political opinions, biometric data) unless you voluntarily disclose such information during a consultation, in which case processing is based on your explicit consent. We do not knowingly collect personal data from children under 16.

3 Purposes of Processing and Legal Basis

Purpose | Legal Basis (Art. 6 GDPR)
Technical operation and security of this website | Art. 6(1)(f) — Legitimate interest
Anonymous traffic analysis to improve content (Squarespace Analytics) | Art. 6(1)(a) — Your explicit consent
Responding to contact form enquiries | Art. 6(1)(a) — Your explicit consent
Processing payments and delivering consultation services | Art. 6(1)(b) — Performance of a contract
Fraud prevention and payment security | Art. 6(1)(f) — Legitimate interest
Retaining invoices and transaction records for tax and accounting obligations | Art. 6(1)(c) — Legal obligation

Legitimate interest (Art. 6(1)(f)): We pursue the following legitimate interests: (i) secure and functional operation of this website via strictly necessary cookies; (ii) fraud prevention in connection with payment processing. We have assessed that these interests are not overridden by your fundamental rights and freedoms.

Automated decision-making: We do not carry out any automated decision-making or profiling within the meaning of Article 22 GDPR.

4 Recipients of Personal Data

Your personal data is not sold, rented, or shared with third parties for marketing purposes. It is shared only with the following service providers acting as data processors on our behalf:

Squarespace, Inc. — Website Hosting and Analytics
225 Varick Street, New York, NY 10014, USA
Role: Data Processor (hosting, analytics)
Privacy Policy: squarespace.com/privacy

5 International Data Transfers

Both Squarespace, Inc. and Stripe, Inc. are based in the United States. Your personal data may therefore be transferred to and processed in the United States, a country outside the European Economic Area (EEA). Such transfers are carried out with appropriate safeguards under Chapter V GDPR:

Squarespace: Uses Standard Contractual Clauses (SCCs) approved by the European Commission under Art. 46(2)(c) GDPR.
See: squarespace.com/privacy
Stripe: Participates in the EU–U.S. Data Privacy Framework (EU-U.S. DPF) and uses Standard Contractual Clauses (SCCs).
See: stripe.com/privacy-center

6 Retention Periods

Data | Retention Period | Legal Basis
Contact form data (name, email, message) | 12 months from receipt, or until resolved | Art. 6(1)(a) — Consent
Analytics data (aggregated, anonymous) | Up to 26 months | Art. 6(1)(a) — Consent
Technical cookies | Session or as specified in Cookie Policy | Art. 6(1)(f) — Legitimate interest
Payment records and invoices | 10 years from transaction date (tax and accounting law) | Art. 6(1)(c) — Legal obligation
Consultation session data | 12 months from last session, unless earlier deletion is requested | Art. 6(1)(b) — Contract

Important — right to erasure and payment records: The right to erasure under Article 17 GDPR is not absolute. Where we are required to retain invoice and transaction data under tax and accounting law (Art. 6(1)(c) GDPR), we are legally obligated to retain such records even if you request deletion. In such cases, access to that data is restricted and it is used only for compliance purposes.

7 Your Rights Under the GDPR

Under Articles 15–22 of Regulation (EU) 2016/679, you have the following rights:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you and how it is processed.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): Request deletion of your personal data where no longer necessary or where consent is withdrawn and no other legal basis applies. Does not apply to data retained by law (e.g. tax records).
  • Right to restriction (Art. 18): Request that we limit processing of your personal data in certain circumstances.
  • Right to data portability (Art. 20): Where processing is based on consent or contract and carried out by automated means, request your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object at any time to processing based on legitimate interest. We will stop unless we demonstrate compelling legitimate grounds or the processing is needed for legal claims.
  • Right to withdraw consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing. To withdraw cookie consent, use the preferences panel in the site footer.

To exercise any right, contact us at meritioum@outlook.com. We respond within one month (Art. 12(3) GDPR). In complex cases this may be extended by two further months, with prior notice. We may verify your identity before acting. No fees are charged unless requests are manifestly unfounded or excessive.

8 Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority at any time, without prejudice to any other administrative or judicial remedy.

Portugal — CNPD (Comissão Nacional de Proteção de Dados): www.cnpd.pt
Italy — Garante per la Protezione dei Dati Personali: www.garanteprivacy.it
All EU/EEA supervisory authorities — European Data Protection Board: edpb.europa.eu/members

9 Requirement to Provide Personal Data

Contact form: Providing data is entirely voluntary. If you do not provide your name and email, we will be unable to respond. This is the only consequence.

Payment and consultations: Providing your name, email, and payment information is a contractual requirement to purchase and receive our consultation services. Without this data, we cannot process your payment or deliver the service.

Cookies: Technical cookies are set automatically. You may decline analytics cookies at any time via the cookie banner without affecting your ability to browse this website.

10 Cookies

This website uses cookies. For full details on the cookies we use, their purpose, duration, and how to manage or withdraw consent, please refer to our Cookie Policy.

11 Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. The date of the most recent version is always shown at the top of this page. Where changes are material, we will make reasonable efforts to notify you. Continued use of this website after an update constitutes acknowledgment of the revised policy.