Personal data policy

At Merton, we are conscious of the need for protection and responsible processing of personal data.

As such, we base our work on the following principles:

We do not disclose personal data to third parties unless legally required to do so.
We do not acquire personal data from third parties.
Subscription to our newsletter is voluntary, and you can opt out at any time.
You can always be informed of the data we have recorded about you, in accordance with the data protection regulation, if you contact us.
Read more below about how we collect, protect and use your personal data.


If you choose to subscribe to our newsletter and similar information, we will save your name and email in order to distribute the desired information by email. You can opt out of this service at any time via a link at the bottom of the distributed newsletter.

If you have any questions about our processing of your personal data, then you are welcome to send us an email at


Your rights in accordance with the data protection law

You have the following rights in relation to our processing of your personal data:

The right to be informed of the processing of your personal data
The right of access to your personal data
The right to have incorrect personal data rectified
The right to have your personal data erased
The right to object to personal data being used for direct marketing
The right to object against automated individual decisions, including profiling
The right to move your personal data (data portability)
All the above rights are handled manually by contacting us. Remember to provide your full name and email if you contact us. You can contact us at

We may reject requests that are unreasonably repetitive, require a disproportionate amount of technical intervention (e.g. the development of a new system or significant change to an existing practice), affect the protection of other people's personal data, or something that would be extremely impractical.

If we can correct data, we will of course do so without charge, unless it requires disproportionate effort. We strive to operate our services in a way that protects data from accidental or harmful destruction. When we erase your personal data from our services, it is thus possible that we won't be able to erase associated copies from our archive servers immediately, and it is not certain that the data will be removed from our backup systems before the end of the storage period.


Compliance and collaboration with regulatory authorities
We regularly review our own compliance of our personal data policy.

We also comply with several self-regulating safety policies. If we receive any formal complaints in writing, we will contact the sender to follow up on the complaint. We collaborate with the relevant legislative authorities, such as the data protection authority, in order to resolve complaints that we can't solve directly with our users relating to the transfer of personal data.

Our data protection policy may change periodically. Any changes to this data protection policy will be stated on this page, and if significant changes are made we will draw attention to them in a more obvious way (e.g. for certain services we give notification of changes via email).