Data Fiduciary Particulars
2. Categories of Personal Data Collected
2.1 For General Visitors
- IP address, browser type, device information
- Cookies and tracking data
- Information from Contact Us forms
2.2 For Registered Users
- Full legal name, designation, organisation, qualification
- Email address, mobile number, postal address
2.3 Deal-Related Data
- Business financial information from Seller Mandates
- Acquisition criteria for buyers
- NDA details and deal interaction logs
3. Purposes of Data Processing
| Purpose | Description | Lawful Basis |
|---|---|---|
| Platform Registration | Verifying identity, creating and managing user accounts | Consent / Contract |
| Deal Matching and Facilitation | Matching buyers and sellers, sending EOI communications | Contract / Legitimate Use |
| Security and Fraud Prevention | Monitoring access logs, detecting suspicious activity | Legitimate Use |
| Communication | Sending platform notifications, deal updates, account alerts | Consent / Contract |
| Analytics | Improving platform performance and user experience | Legitimate Use |
| Legal Compliance | Responding to regulatory, legal, or court orders | Legal Obligation |
4. Data Sharing and Disclosure
MergeAxis does not sell, rent, or trade personal data. Data may be shared in the following circumstances:
- With Professional Partners, solely for the purpose of facilitating a specific transaction you have expressed interest in
- With technology service providers (hosting, database, email) under strict data processing agreements
- With legal, compliance, or regulatory authorities when required by applicable law or court order
- With counterparties in a transaction, only after mutual NDA execution
- With auditors, advisers, or insurers bound by confidentiality obligations
- In the event of a merger, acquisition, or asset sale of MergeAxis, subject to the acquirer maintaining equivalent data protections
5. Your Rights as a Data Principal
| Right | Description |
|---|---|
| Right to Access | Request a summary of personal data held by MergeAxis |
| Right to Correction | Request correction of inaccurate or incomplete data |
| Right to Erasure | Request deletion of your data (subject to legal retention obligations) |
| Right to Grievance Redressal | Lodge a complaint with MergeAxis's Grievance Officer within 30 days |
| Right to Nominate | Nominate another person to exercise your rights in case of incapacity |
| Right to Withdraw Consent | Withdraw consent for processing at any time, with prospective effect |
To exercise any of these rights, write to: info@mergeaxis.in
6. Data Retention
- Registration and account data: retained for the duration of the account plus 3 years following closure
- Deal-related data: retained for 7 years from the date of deal closure or last activity
- Access logs and security data: retained for 2 years
- Cookie data: retained per the Cookie Policy, typically 13 months or session duration
7. Data Security
MergeAxis implements security measures consistent with the IT (Reasonable Security Practices) Rules, 2011, including:
- AES-256 encryption for all Deal Room data at rest
- TLS 1.3 encryption for all data in transit
- Role-based access controls
- Regular vulnerability assessments
- Cyber insurance coverage
In the event of a personal data breach, MergeAxis will notify affected Data Principals and the Data Protection Board of India within the timeframe specified under the DPDP Act.
8. Children's Privacy
MergeAxis is a professional B2B platform. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected data from a minor, we will delete it immediately.
9. Changes to this Privacy Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email to registered users and displayed prominently on the Website for 30 days before taking effect.