Privacy Policy
MMM Labs – www.mmmlabs.ai and MMM Labs Platform
In ScanmarQED Holding B.V., a private limited liability company incorporated in the Netherlands, with its registered office at Papiermolen 32, 3994 Houten, the Netherlands, registered with the Dutch Chamber of Commerce under number 84217111, VAT ID: NL009546935B01 (“ScanmarQED” or “we”) and our companies from ScanmarQED Group, we, as a data controller, pay great attention to protecting your personal data.
Effective since: 1st May 2026
This Privacy Policy describes how we process personal data in connection with (i) our website at www.mmmlabs.ai (“Website”) and (ii) the MMM Labs Platform (“Platform”), our marketing-mix modelling Software-as-a-Service offering.
It explains for what purposes we process your personal data, from which sources we obtain this data, who processes your personal data on our behalf, to whom we transfer it, and how we ensure the security of your data. In the last sections, we set out what rights you have when we process your personal data and how you can exercise them.
This Privacy Policy may be amended from time to time. The latest version of this Privacy Policy shall always apply and will be made available on the Website. You can always connect with us on the email support@scanmarqed.com.
Note on client model data. When we process data on behalf of our customers in connection with the provision of MMM Labs Services (for example, model inputs that the customer provides to us), we act as a data processor and the processing is governed by the Data Processing Agreement that forms part of our Terms and Conditions, not by this Privacy Policy.
-
-
A. Categories of personal data we process
-
B. Purposes of processing
-
C. Sources of personal data
-
D. Cookies and other digital identifiers
-
E. Processors and other personal data recipients
-
F. Measures for data protection
-
G. Retention of personal data
-
H. Your rights related to processed personal data
-
I. Right to lodge a complaint
-
J. Changes to this Privacy Policy
A. Categories of personal data we process
Below are the categories of personal data, including examples, that we can process for the purposes set out in the following section. We refer to these categories in other parts of this Privacy Policy.
-
Identification data. Name and surname (and, where relevant, job title), so we can identify you while concluding or fulfilling a contract with you or the entity you represent, or while you are using the Platform.
-
Contact details. Business e-mail address, business telephone number and the company you represent, so we can make the Platform available to you and communicate with you.
-
Account and login data. Username, single sign-on identifiers, role and permission attributes within the Platform, and the timestamp of your last login.
-
Payment and billing details. Customer entity details, billing contact, purchase order references and invoice records, processed to manage and account for your subscription. We do not process or store payment card numbers; payment card data is handled directly by our payment processor.
-
Records of our mutual communication. Any personal data contained in e-mails, support tickets, in-app chat, calls and meeting notes that you exchange with us, including any attachments.
-
Information about Platform usage and telemetry. Pages and features used, session timestamps, configuration changes, IP address, device type, operating system and browser, and security and audit logs that record actions performed within the Platform. We use this data to operate the Platform, monitor and improve performance, ensure security and integrity, and detect and prevent abuse.
-
Information about Website usage. When you visit www.mmmlabs.ai we automatically receive your IP address and information your browser sends, such as the pages you visit, time spent, referring URL, and operating system and browser version.
-
Information from cookies and other tracking technologies. If you have enabled the storage of cookies in your browser, they send us additional information, for example about the pages you visit and your preferences. For more information on the use of cookies and similar technologies, please see Section D “Cookies and other digital identifiers” below.
B. Purposes of processing
B.1. For our customers and Platform users
If you are our customer or use the Platform under a contract concluded between us and the entity you represent, your personal data, and where applicable personal data of your employees or contractors, will be processed for the following purposes:
- Provision of the Platform and performance of our contract. We process your personal data to make the Platform available to you, manage your account, authenticate you, deliver the modelling, reporting and advisory outputs agreed under the contract, and provide customer support. For this purpose, we process Identification data, Contact details, Account and login data, Records of our mutual communication and Information about Platform usage and telemetry. The legal basis is the performance of a contract or our legitimate interest in administering the contractual relationship with the entity you represent.
- Billing, accounting and protection of our rights and claims. We process your personal data to invoice you, collect payment, keep statutory accounting records, and to establish, exercise or defend legal claims (in judicial, extrajudicial, enforcement or similar proceedings). For this purpose, we process Identification data, Contact details, Payment and billing details and Records of our mutual communication. The legal basis is compliance with our legal obligations and our legitimate interest.
- Security, integrity and abuse prevention. We process Account and login data and Information about Platform usage and telemetry to monitor and protect the Platform, detect and prevent fraud, unauthorised access and other security incidents, and to investigate and respond to incidents. The legal basis is our legitimate interest in operating a secure service and, where applicable, compliance with our legal obligations.
- Improvement of the Platform. We process Information about Platform usage and telemetry on an aggregated and pseudonymised basis to understand how the Platform is used, fix issues and improve features. The legal basis is our legitimate interest. This processing does not constitute automated decision-making producing legal effects on you.
- Compliance with legal obligations. We process personal data to comply with legal obligations imposed on us, including tax, accounting, anti-money-laundering, sanctions screening and similar requirements. The legal basis is compliance with our legal obligations.
- Marketing communication and promotion of our services. We may send our newsletter and other marketing communication or process your personal data to promote our services. For this purpose, we mainly process Identification data and Contact details. If you are our customer, we are entitled to offer you similar services to those already provided on the basis of our legitimate interest. Otherwise, we will only send you marketing communication on the basis of your consent. You can withdraw your consent or object to this processing at any time, including via the unsubscribe link in any marketing message or by writing to support@scanmarqed.com. Withdrawal of consent does not affect the lawfulness of processing prior to such withdrawal.
B.2 For Website visitors
If you visit www.mmmlabs.ai, your personal data will be processed for the following purposes:
-
Operation and security of the Website. We process Information about Website usage and strictly necessary cookies to operate the Website, deliver the content you request, and ensure its security and integrity. The legal basis is our legitimate interest. We generally retain this data for up to 24 months after your visit.
-
Analytics and measurement. Subject to your consent given through the cookie consent banner, we use cookies and similar technologies to understand how visitors use the Website (for example, which pages are most viewed and how visitors navigate between them) so we can improve and optimise it. We retain this data for the duration of your consent and in any case no longer than 24 months. The legal basis is your consent.
-
Marketing and promotion on the Website. Subject to your consent given through the cookie consent banner, we and our advertising partners use cookies and similar technologies to show you relevant content and advertising on the Website and on third-party platforms, and to measure the effectiveness of our marketing. The legal basis is your consent. You can withdraw your consent at any time via the cookie preferences link on the Website.
C. Sources of personal data
We process the personal data that you (or the entity you represent) provide to us when concluding a contract, when registering on the Platform, when contacting us, and when visiting the Website.
We may also collect personal data automatically when you use the Platform or visit the Website (such as Account and login data, Information about Platform usage and telemetry, Information about Website usage and Information from cookies and other tracking technologies). We may derive other data from the data set out above.
We may also receive personal data from our partners, including resellers, identity providers (where you authenticate via single sign-on) and integration partners that pass data to us based on your or your organisation’s instructions.
D. Cookies and other digital identifiers
Each time you visit the Website, we may store cookies – small files containing information about your visit – on your device and read them on subsequent visits. We use both session cookies (deleted after your visit) and persistent cookies that remain on your device for a set period, but no longer than 24 months. In addition to cookies, we use other similar technologies, such as web beacons and pixel tags, that have a similar function to cookies.
We use four categories of cookies and similar technologies on the Website: (i) strictly necessary (required for the Website to function and to keep it secure), (ii) preferences (remember your settings, such as language), (iii) analytics (help us understand how the Website is used), and (iv) marketing (used by us and our partners to deliver and measure relevant advertising). All categories other than strictly necessary cookies are activated only with your consent given through the cookie consent banner. You can withdraw or change your consent at any time using the cookie preferences link on the Website.
Where cookies cause your data to be transferred to processors or third parties, those recipients are listed in Section E and, where applicable, in the cookie consent banner.
E. Processors and other personal data recipients
The processing of your personal data involves processors who always act on our documented instructions and for the purposes set out in this Privacy Policy. The current categories of processors involved in the operation of the Website and the Platform include:
- cloud infrastructure and data hosting providers;
- identity, authentication and single sign-on providers;
- product analytics, error monitoring and observability providers used in connection with the Platform;
- Website analytics, marketing-automation and advertising providers (only where you have given consent through the cookie banner);
- customer-relationship-management, support and communication tools used to manage our interactions with you;
- professional advisers, including auditors and legal counsel, where strictly necessary.
An up-to-date list of named sub-processors is available on request from support@scanmarqed.com and is also referenced in our Data Processing Agreement.
F. Measures for data protection
Protecting your data is our priority. For this reason, we have adopted, maintain and continuously improve technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, damage or disclosure. As part of our dedication to maintaining the highest standards of data protection, we are a holder of the latest ISO 27001:2022 certification.
These measures include role-based access controls and the principle of least privilege; encryption of data in transit and at rest; multi-factor authentication for administrative access; centralised logging and monitoring; vulnerability management, secure development practices and regular penetration testing; vendor and sub-processor risk assessment; documented incident-response and business-continuity procedures; and confidentiality obligations imposed on all personnel and processors with access to personal data.
G. Retention of personal data
We retain personal data only for as long as necessary for the purposes for which it was collected, and in particular:
- Customer relationship and Platform use: for the duration of the contractual relationship with the entity you represent and for the duration of the applicable statutory limitation period thereafter (typically up to 7 years after termination of the contract under Dutch law, or longer where required by other applicable law).
- Accounting and tax records: for the period required by Dutch tax and accounting law (currently 7 years).
- Marketing communication: for the duration of the customer relationship and up to 2 years thereafter, or until you withdraw your consent or object to the processing, whichever is earlier.
- Website analytics and marketing cookies: for the duration of your consent, and in any case no longer than 24 months.
- Security and audit logs: for as long as necessary to ensure the security and integrity of the Platform, typically not longer than 30 days, unless a longer period is required to investigate an incident or comply with a legal obligation.
H. Your rights related to processed personal data
You have the following rights in relation to the processing of your personal data, which you can exercise by contacting us at support@scanmarqed.com. We will respond as soon as possible and, in any event, within 1 month of receipt of your request. In exceptional cases, we may extend this period by a further 2 months and will inform you of any such extension.
- Right of access. You have the right to obtain confirmation as to whether we are processing your personal data and, where we are, access to that data and to information about the purposes and scope of the processing, the recipients of the data, the duration of the processing, your rights, the right to lodge a complaint with a supervisory authority and the sources of the personal data. You can also ask us for a copy of the personal data we process; the first copy is free of charge, further copies may be subject to a reasonable fee.
- Right to rectification. You have the right to request that we correct inaccurate personal data concerning you and, where relevant, complete incomplete personal data.
- Right to erasure (“right to be forgotten”). You have the right to request the erasure of your personal data where one of the grounds set out in Article 17 GDPR applies. This right does not apply where processing is necessary for compliance with a legal obligation to which we are subject, or for the establishment, exercise or defence of legal claims.
- Right to restriction of processing. You have the right to request that we restrict the processing of your personal data in the cases set out in Article 18 GDPR.
- Right to data portability. You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to transmit that data to another controller, where the processing is based on your consent or on a contract and is carried out by automated means.
- Right to object. You have the right to object, on grounds relating to your particular situation, to processing of your personal data based on our legitimate interest. You also have the right to object at any time to processing for direct-marketing purposes; we will stop such processing on receipt of your objection.
- Right to withdraw consent. Where processing is based on your consent, you can withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing prior to such withdrawal.
- Right not to be subject to automated decision-making. You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. We do not carry out such processing in the operation of the Website or the Platform.
I. Right to lodge a complaint
In addition to exercising your rights with us, you have the right to lodge a complaint with a supervisory authority, in the Member State of your habitual residence, place of work or the alleged infringement. For the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), Hoge Nieuwstraat 8, 2514 EL The Hague, Netherlands (https://autoriteitpersoonsgegevens.nl).
J. Changes to this Privacy Policy
We may update this Privacy Policy from time to time, for example to reflect changes to our services, applicable law or our processing activities. The updated version will be made available on the Website with the effective date noted at the top of this document. Where the change is material, we will notify you in advance through the Platform or by e-mail.
-3.png)