Privacy Policy

Privacy Policy (GDPR / TTDSG)

Effective date: 01.10.2025

1. Controller
Scope Merge
Youssef Hedhili
Winsstr. 59, 10405 Berlin, Germany
Email: admin@scope-merge.com

If you interact with Scope Merge SUARL, Bureau A1, Immeuble Tamayouz, 1082 Centre Urbain Nord, Tunis (Tunisia), that entity may act as our processor or, in some cases, as a joint controller. The essence of any joint-controller arrangement is available upon request.

Supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61, 10555 Berlin
mailbox@datenschutz-berlin.de | +49 30 13889-0

2. How We Process Personal Data

We process personal data in compliance with the General Data Protection Regulation (GDPR) and the Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG).
We only collect the data necessary for each purpose and keep it no longer than required.

a) Website Operation and Security
Data: IP address, browser/device data, timestamps, and server logs
Purpose: Ensure website stability, prevent misuse, monitor performance
Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in secure, functional website)
Recipients: Hosting and security service providers
Retention: 14–30 days unless longer retention is required for incidents

b) Essential Cookies
Data: Technical identifiers needed to operate the site
Legal basis: §25 (2) TTDSG and Art. 6 (1)(f) GDPR
Retention: Session or up to 12 months
Non-essential cookies (analytics, marketing) are only set after consent via our cookie banner.

c) Analytics (Google Analytics 4)
Data: Usage data, pseudonymous identifiers, device and browser info
Legal basis: Consent (§25 (1) TTDSG + Art. 6 (1)(a) GDPR)
Provider: Google Ireland Ltd., with transfers to the U.S. under SCCs and the EU-US Data Privacy Framework
Settings: IP anonymized, Consent Mode activated, retention 2–14 months
Opt-out: Through cookie banner or browser add-on

d) Contact Forms and Email Inquiries
Data: Name, email, company, message, metadata
Purpose: Respond to your inquiry or follow up on business interests
Legal basis: Art. 6 (1)(b) GDPR (if pre-contractual), otherwise Art. 6 (1)(f) GDPR
Retention: 12 months after last interaction unless statutory obligation applies

e) Webinar Registration and Delivery (ScoreApp + Zoom / Google Meet)
Data: Name, email, company, role, quiz answers, preferences, event participation
Purpose: Process registrations, host webinars, send related materials, and measure engagement
Legal basis: Art. 6 (1)(b) GDPR (performance of contract) and Art. 6 (1)(a) GDPR (consent for marketing follow-ups)
Processors:
ScoreApp Ltd. (UK) – data stored in EU/UK datacenters under UK GDPR and SCCs
Zoom Video Communications Inc. (USA) or Google Ireland Ltd., depending on platform, under SCCs and DPF
Retention: 24 months after event unless you withdraw consent

f) Recruiting and EOR (Employer-of-Record) Services
Data: CV, profile information, education, work history, references, salary expectations
Purpose: Assess candidates, connect with clients, maintain talent database
Legal basis: Art. 6 (1)(b) GDPR (for placement process) and Art. 6 (1)(f) GDPR (legitimate interest in staffing services)
Recipients: Potential clients evaluating profiles and HR system providers
Transfers: Possible to Tunisia for HR and recruiting operations under SCCs and contractual safeguards
Retention: 6 months after application if not hired; longer only with your consent to join our talent pool

g) Marketing and Newsletter Communications
Data: Name, email, interactions with emails and campaigns
Legal basis: Art. 6 (1)(a) GDPR (consent)
Opt-out: At any time via unsubscribe link or email to admin@scope-merge.com
Retention: Until withdrawal of consent or 24 months of inactivity

3. International Data Transfers
When personal data is transferred outside the EEA, we use:
Adequacy decisions (e.g., UK or US DPF)
Standard Contractual Clauses approved by the European Commission
Additional technical and organizational measures such as encryption and access controls.
A copy of relevant safeguards can be requested at admin@scope-merge.com.

4. Data Retention
We retain data only as long as necessary for each purpose or as required by law.
After expiry, data is deleted or anonymized following a documented retention schedule.

5. Your Rights
You have the following rights under Articles 15–21 GDPR:
Access to your data
Rectification of inaccurate data
Erasure (“right to be forgotten”)
Restriction of processing
Data portability
Objection to processing based on legitimate interest
Withdrawal of consent at any time without affecting prior lawful processing
To exercise your rights, contact admin@scope-merge.com.
You also have the right to lodge a complaint with the supervisory authority named above.

6. Cookies and Consent Management
We use a Consent Management Platform (CMP) to store and document your choices.
Non-essential cookies and trackers are activated only after opt-in.
You can change your preferences at any time through “Cookie Settings.”
This complies with §25 TTDSG and relevant case law (Planet49 C-673/17).

7. Data Security
We apply state-of-the-art technical and organizational measures to protect personal data against loss, misuse, or unauthorized access.

8. Children
Our website and services are intended for business and professional audiences. We do not knowingly collect data from children under 16.

9. Changes to This Policy
We may update this policy from time to time to reflect legal or operational changes. The latest version is always available on our website with the effective date shown above.

10. Contact
For questions about privacy or to exercise your rights, please contact:
Scope Merge – Data Protection Office
Winsstr. 59, 10405 Berlin, Germany
admin@scope-merge.com

Join us and contribute to a company that values innovation and growth in a supportive environment.

quick links
about ussuccess storiescareersinsightscontact us
legal pages
imprintprivacy & policy
© Copyright 2024 Scope Merge . All rights reserved.