Start Here

Privacy Policy

Privacy Policy (GDPR / TTDSG)

Effective date: 01.10.2025

1. Controller

Scope Merge
Youssef Hedhili
Winsstr. 59, 10405 Berlin, Germany
Email: admin@scope-merge.com

If you interact with Scope Merge SUARL, Bureau A1, Immeuble Tamayouz, 1082 Centre Urbain Nord, Tunis (Tunisia), that entity may act as our processor or, in some cases, as a joint controller. The essence of any joint-controller arrangement is available upon request.

Supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61, 10555 Berlin
mailbox@datenschutz-berlin.de | +49 30 13889-0

2. How We Process Personal Data

We process personal data in compliance with the General Data Protection Regulation (GDPR) and the Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG). We only collect the data necessary for each purpose and keep it no longer than required.

a) Website Operation and Security

Data: IP address, browser/device data, timestamps, and server logs

Purpose: Ensure website stability, prevent misuse, monitor performance

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in secure, functional website)

Recipients: Hosting and security service providers

Retention: 14–30 days unless longer retention is required for incidents

b) Essential Cookies

Data: Technical identifiers needed to operate the site

Legal basis: §25 (2) TTDSG and Art. 6 (1)(f) GDPR

Retention: Session or up to 12 months

Non-essential cookies (analytics, marketing) are only set after consent via our cookie banner.

c) Analytics (Google Analytics 4)

Data: Usage data, pseudonymous identifiers, device and browser info

Legal basis: Consent (§25 (1) TTDSG + Art. 6 (1)(a) GDPR)

Provider: Google Ireland Ltd., with transfers to the U.S. under SCCs and the EU-US Data Privacy Framework

Settings: IP anonymized, Consent Mode activated, retention 2–14 months

Opt-out: Through cookie banner or browser add-on

d) Contact Forms and Email Inquiries

Data: Name, email, company, message, metadata

Purpose: Respond to your inquiry or follow up on business interests

Legal basis: Art. 6 (1)(b) GDPR (if pre-contractual), otherwise Art. 6 (1)(f) GDPR

Retention: 12 months after last interaction unless statutory obligation applies

e) Webinar Registration and Delivery (ScoreApp + Zoom / Google Meet)

Data: Name, email, company, role, quiz answers, preferences, event participation

Purpose: Process registrations, host webinars, send related materials, and measure engagement

Legal basis: Art. 6 (1)(b) GDPR (performance of contract) and Art. 6 (1)(a) GDPR (consent for marketing follow-ups)

Processors:
ScoreApp Ltd. (UK) – data stored in EU/UK datacenters under UK GDPR and SCCs
Zoom Video Communications Inc. (USA) or Google Ireland Ltd., depending on platform, under SCCs and DPF

Retention: 24 months after event unless you withdraw consent

f) Recruiting and EOR (Employer-of-Record) Services

Data: CV, profile information, education, work history, references, salary expectations

Purpose: Assess candidates, connect with clients, maintain talent database

Legal basis: Art. 6 (1)(b) GDPR (for placement process) and Art. 6 (1)(f) GDPR (legitimate interest in staffing services)

Recipients: Potential clients evaluating profiles and HR system providers

Transfers: Possible to Tunisia for HR and recruiting operations under SCCs and contractual safeguards

Retention: 6 months after application if not hired; longer only with your consent to join our talent pool

g) Marketing and Newsletter Communications

Data: Name, email, interactions with emails and campaigns

Legal basis: Art. 6 (1)(a) GDPR (consent)

Opt-out: At any time via unsubscribe link or email to admin@scope-merge.com

Retention: Until withdrawal of consent or 24 months of inactivity

3. International Data Transfers

When personal data is transferred outside the EEA, we use:

  • Adequacy decisions (e.g., UK or US DPF)
  • Standard Contractual Clauses approved by the European Commission
  • Additional technical and organizational measures such as encryption and access controls

A copy of relevant safeguards can be requested at admin@scope-merge.com.

4. Data Retention

We retain data only as long as necessary for each purpose or as required by law. After expiry, data is deleted or anonymized following a documented retention schedule.

5. Your Rights

You have the following rights under Articles 15–21 GDPR:

  • Access to your data
  • Rectification of inaccurate data
  • Erasure (“right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Objection to processing based on legitimate interest
  • Withdrawal of consent at any time without affecting prior lawful processing

To exercise your rights, contact admin@scope-merge.com.

You also have the right to lodge a complaint with the supervisory authority named above.

6. Cookies and Consent Management

We use a Consent Management Platform (CMP) to store and document your choices. Non-essential cookies and trackers are activated only after opt-in.

You can change your preferences at any time through “Cookie Settings.”

This complies with §25 TTDSG and relevant case law (Planet49 C-673/17).

7. Data Security

We apply state-of-the-art technical and organizational measures to protect personal data against loss, misuse, or unauthorized access.

8. Children

Our website and services are intended for business and professional audiences. We do not knowingly collect data from children under 16.

9. Changes to This Policy

We may update this policy from time to time to reflect legal or operational changes. The latest version is always available on our website with the effective date shown above.

10. Contact

Scope Merge – Data Protection Office
Winsstr. 59, 10405 Berlin, Germany
admin@scope-merge.com