Last updated • 29 April 2026

Legal

Everything about how this site works, what we collect, and what we don't.

Merlin Legal Center

Legal notice

Privacy notice

Cookie notice

Term of use

29 April 2026 • PRIVACY NOTICE

How we handle your data

This notice explains what personal data we collect when you visit our website, why we collect it, and what rights you have over it. We've kept it short and direct. If anything is unclear, email us at info@merlin-innovation.com.

Who's responsible

Merlin.ai BV (trading as Merlin Innovation) is the data controller for any personal data collected through this website. Our full company details are in the Legal Notice.

For privacy questions or to exercise any of the rights below, write to info@merlin-innovation.com.

What this notice covers

This notice applies to visitors of merlin-innovation.com. It does not cover offline interactions, client engagements, or third-party platforms we link to.

What we collect, and why

We collect two kinds of data:

1. Information you give us through the contact form.

When you fill in our contact form, we collect:

Field

Purpose

Legal basis

Retention

Name

Address you properly when we reply

Consent

24 months from last contact

Email

Reply to your message

Consent

24 months from last contact

Company

Understand the context of your enquiry

Consent

24 months from last contact

Location

Understand where you're based

Consent

24 months from last contact

Message

Understand what you're asking about

Consent

24 months from last contact

You can ask us to delete this data earlier at any time.

2. Technical information collected automatically when you visit.

When you load a page, our hosting provider records standard technical data: your IP address, browser type, device type, the page you visited, and the time of the visit. This is collected for security and to keep the site running. It's processed on the basis of our legitimate interest (Article 6(1)(f) GDPR) in operating a secure website. This data is held for up to 30 days, then deleted.

What we don't do

We don't use our own cookies for tracking, analytics, or marketing. We don't profile you. We don't sell your data. We don't run advertising. We don't use any data submitted through this website to train AI models, ours or anyone else's.

Our hosting platform (Framer) does set its own platform-level marketing cookies on the framer.com domain. We don't read or use this data, but we want to be honest that it's there. The full picture is in our Cookie Notice.

Who we share data with

We share data only with the providers we need to operate the website and reply to you:

Provider

What it does

Where it's based

Framer B.V.

Hosts the website and processes contact form submissions

Netherlands (EEA)

Microsoft Ireland Operations Ltd

Email service we use to read and reply to your message

Ireland (EEA), with infrastructure in the EU and US

Both providers act as our data processors under written agreements compliant with Article 28 GDPR.

International transfers

Framer's infrastructure is based in the EEA. No international transfer applies.

Microsoft is an EU-headquartered processor, but some of its support and infrastructure operations involve transfers to the United States. These transfers are covered by Microsoft's certification under the EU–US Data Privacy Framework and by Standard Contractual Clauses approved by the European Commission. You can read Microsoft's data protection commitments at microsoft.com/privacy.

Your rights under GDPR

Under the EU General Data Protection Regulation, you have the right to:

  • Access — ask us what personal data we hold about you

  • Rectify — ask us to correct data that's wrong or incomplete

  • Erase — ask us to delete your data ("right to be forgotten")

  • Restrict — ask us to stop processing your data while we sort out a dispute about it

  • Object — object to processing based on our legitimate interest

  • Portability — ask for your data in a portable, machine-readable format

  • Withdraw consent — at any time, where we rely on your consent

To exercise any of these rights, email info@merlin-innovation.com. We'll respond within one month, as required by GDPR. There's no charge for a standard request.

Right to lodge a complaint

If you believe we've handled your data improperly, you have the right to lodge a complaint with the Belgian supervisory authority:

Autorité de protection des données / Gegevensbeschermingsautoriteit Drukpersstraat 35, 1000 Brussels contact@apd-gba.be — +32 2 274 48 00 www.dataprotectionauthority.be

You can also lodge a complaint with the supervisory authority of the EU member state where you live.

Is providing your data required?

No. Filling in the contact form is voluntary. If you choose not to provide any of the fields, we may not be able to reply to your enquiry, but there's no other consequence.

Automated decision-making

We don't use automated decision-making or profiling for any visitor data collected through this website.

Cookies

This website is hosted on Framer, which sets cookies on the framer.com domain. Some are strictly necessary for the site to function; others are Framer's own platform-level marketing trackers, which we don't read or use. The full picture is in our Cookie Notice.

Changes to this notice

We may update this notice from time to time. Material changes will be reflected in the "last updated" date at the top of the page. The version published here is always the one that applies.