This Privacy Policy ("Policy") is established by MerlinLife, Inc. ("Company"), effective June 12th, 2025, to explain how we collect, use, and protect your personal information through our website at MerlinLife.com. We collect sensitive personal information including names, addresses, social security numbers, driver's license numbers, health records, and financial details through various forms on our website such as contact forms, application forms, and advisor consultation requests. We use third-party service providers including custom CRM solutions and analytics tools like Google Analytics, and we implement cookies and tracking technologies to improve your experience.
MerlinLife, Inc. is an Alabama-based company incorporated in the United States that provides a wide variety of life insurance services. Our services include life settlement brokerage and paid policy consultations for life insurance policies that are soon to lapse, helping clients navigate complex insurance decisions. We do not share your data for marketing purposes but may retain personal information for future MerlinLife projects and applications. We employ industry-standard security measures including SSL encryption and comply with all relevant federal and state privacy laws including HIPAA (when applicable), the Gramm-Leach-Bliley Act, and Alabama's Insurance Information and Privacy Protection Act. By submitting forms on our website, you consent to our data practices, though you may opt out at any time by contacting us at [email protected].
1. Introduction And Scope
This Privacy Policy ('Policy') outlines the approach MerlinLife, Inc. ('Company') takes to manage and protect personal data collected through its website ('MerlinLife.com'). The Policy serves to inform stakeholders of the measures employed to ensure the confidentiality, security, and lawful use of such information. The scope of this Policy includes all data collected from users ('Users') who interact with the Website, and it applies to the Company's processes, employees, and third-party service providers involved in handling this data. By accessing and using the Website, Users are consenting to the data practices described in this Policy. The Company is committed to adhering to applicable laws and regulatory requirements governing data privacy and protection.
2. Information Collected
Our Company collects various types of personal and sensitive information from users to fulfill our services and ensure a high level of operational efficiency. The categories of information collected include, but are not limited to:
a. Personal Information: This includes data that can personally identify a user, such as names, addresses, phone numbers, email addresses, social security numbers, and drivers' license numbers.
b. Sensitive Personal Information: This encompasses details such as financial information (e.g., bank account numbers, credit card details), health insurance information, medical history, and health records. This information is necessary for processing life settlement applications and may be collected through various forms and communications.
c. Health Information: We gather detailed health records and medical data that are crucial for assessing and managing life settlement policies. This includes, but is not limited to, health status, medical history, physician details, and treatment records.
The collection of the aforementioned information is strictly confidential, and users consent to its use by submitting relevant forms on our website. We strive to collect only the essential information needed to provide and enhance our services.
3. Methods Of Data Collection
The Company collects information from users in several ways to provide and improve our services. These methods include:
a. Forms: Users provide personal information through various forms available on MerlinLife.com, such as contact forms, application forms, and advisor consultation requests. This direct method allows the Company to collect essential details to facilitate our services.
b. Cookies and Tracking Technologies: The Company uses cookies and similar tracking technologies to gather data on user interactions and preferences on MerlinLife.com. Cookies are small files placed on a user's device to collect standard Internet log information and visitor behavior information. This data helps the Company analyze website traffic, personalize user experience, and facilitate certain features and functionalities of the website. Users can manage their cookie preferences through their web browser settings.
c. Service Providers: The Company partners with third-party service providers who assist in collecting and processing user data. These providers include but are not limited to, custom CRM solutions and analytics tools such as Google Analytics. These tools help the Company understand user behavior, improve website performance, and support our internal analytics and research. All third-party providers are required to comply with relevant privacy obligations and are only permitted to use the information as necessary to perform services on behalf of the Company.
4. Use Of Information
The Company uses the collected information primarily to fulfil its Business Purpose of acting as a life settlement broker. Specifically, the information is used for the following purposes:
a. To process user inquiries and requests for advisor consultations;
b. To evaluate and process life settlement applications;
c. To communicate with users regarding their transactions and updates relevant to their inquiries;
d. To enhance user experience by utilizing cookies and tracking technologies (Refer to Section 11 for more details);
e. To improve website functionality, design, and performance through analytics and feedback;
f. To conduct internal research and development activities that focus on improving the Company's services, exploring new business opportunities, and developing Future MerlinLife Projects and Applications;
g. To comply with legal and regulatory requirements applicable to the Company (Refer to Section 10 for more details).
The Company will ensure these purposes are aligned with user expectations and relevant compliance standards.
5. Legal Basis For Processing (Including User Consent)
The Company processes personal data based on several legal grounds to ensure compliance with applicable laws and to provide users with services and information relevant to their needs. The primary legal bases for processing include:
a. User Consent: By submitting forms on MerlinLife.com, users provide explicit consent for the Company to collect, use, and retain their personal data for purposes including research and development and future MerlinLife projects and applications as detailed in Section 4: Use of Information. Users may withdraw their consent at any time by opting out, which involves contacting the Company at [email protected] and requesting the deletion of their personal information. Withdrawal of consent will not affect the legality of processing based on consent before its withdrawal;
b. Contractual Necessity: Processing personal data may be necessary to fulfill the services requested by users, such as advisory consultations and life settlement applications;
c. Legal Obligations: The Company may process personal data to comply with legal obligations under federal and state privacy laws and regulations, including HIPAA (if applicable), the GLBA, and Alabama's Insurance Information and Privacy Protection Act;
d. Legitimate Interests: These interests may include enhancing user experience, improving website security, preventing fraud, and conducting internal analytics to better serve users.
The Company commits to transparency in its data practices and guarantees users' right to opt out or request modification and deletion of their personal data without any adverse effects on service provision.
6. Data Sharing And Disclosure
MerlinLife, Inc. is committed to protecting your personal data and ensuring transparency in how it is shared and disclosed. Personal data collected through MerlinLife.com may be shared with third-party service providers only under specific circumstances. These providers assist the Company in achieving its business purpose, which includes facilitating life settlement transactions, improving website functionality, providing customer support, and performing data analytics. Personal data will only be shared under the following conditions:
a. With third-party service providers: The Company engages trusted third-party entities to support various business operations. These service providers are contractually obligated to maintain the confidentiality and security of personal data and are prohibited from using your information for any purposes other than those specified by MerlinLife.
b. For legal obligations: MerlinLife may disclose personal data when required to comply with legal obligations, such as responding to a subpoena, court order, or other legal process, or to protect the Company's rights, property, or safety, as well as that of our users, employees, or others.
c. For business transfers: In the event of a merger, acquisition, or sale of all or a portion of MerlinLife's assets, personal data may be transferred to the new owner as part of the transaction. Users will be notified of such events and given the opportunity to opt-out of data transfer within a specified period.
By using MerlinLife.com, you consent to the sharing and disclosure of your personal data as outlined above. If you have any questions or concerns about how your personal data is shared, please contact us at [email protected].
7. Data Retention And Deletion
The Company is committed to retaining personal data only for as long as necessary to fulfill the Business Purpose or to comply with applicable legal, regulatory, or internal policy requirements.
Data Retention:
a. Personal data collected by the Company will be retained for the duration of the user's relationship with the Company and as long as necessary to fulfill the Business Purpose.
b. After the termination of the relationship, the Company will retain personal data as required by applicable laws and regulations, or as necessary to address any existing contractual obligations or potential disputes.
c. In cases where retention is no longer required by law or contract, the Company will delete or anonymize the personal data in a secure manner.
Data Deletion Request:
d. Users have the right to request the deletion of their personal data at any time. Deletion requests can be made by contacting the Company at '[email protected]'.
e. Upon receiving a data deletion request, the Company will:
e.1 Confirm the identity of the requester to prevent unauthorized deletion requests.
e.2 Review the request to ensure compliance with applicable legal and regulatory requirements and obligations.
e.3 Where legally permissible, promptly delete or anonymize the requested personal data from the Company's systems and notify the user upon completion.
If the Company is unable to delete the personal data due to legal or regulatory obligations, the Company will inform the user of the reasons for the denial and the time frame for which the data will be retained.
8. User Rights And Choices
MerlinLife, Inc. values the rights and choices of its users regarding their personal data. Users are entitled to exercise various rights concerning their data collected through MerlinLife.com. These rights include, but are not limited to, opting out of data collection or marketing communications and requesting the deletion of their personal data. To exercise these rights, users may contact the Company directly at [email protected]. Upon receiving a Data Deletion Request, the Company will take reasonable steps to ensure that the data is permanently removed from its systems, subject to legal requirements and the sections defined in Section 7: Data Retention and Deletion. Users may also opt out of specific data processing activities, such as the use of cookies and tracking technologies, by adjusting their browser settings or utilizing available opt-out mechanisms provided by third-party tools, as outlined in Section 11: Cookies and Tracking Technologies. MerlinLife, Inc. will comply with such requests promptly and within the timeframes stipulated by applicable privacy laws.
9. Security Measures
To ensure the protection and security of Sensitive Personal Information, including Health Information and other data collected through MerlinLife.com, the Company employs a robust framework of physical, technological, and organizational safeguards. Our security measures are designed to prevent unauthorized access, disclosure, alteration, or destruction of data and to uphold the integrity and confidentiality of user information. These measures include, but are not limited to, the following protocols:
a. Physical Safeguards:
1. Secure access controls to Company facilities, including surveillance systems and restricted access areas.
2. Employee identification and authentication procedures for entry into sensitive areas that contain user data.
b. Technological Safeguards:
1. Encryption of data transmissions using SSL (Secure Socket Layer) technology to protect data during online exchanges.
2. Utilization of advanced firewalls and intrusion detection systems to monitor and respond to potential breaches.
3. Regular software updates and patches to address vulnerability risks.
c. Organizational Safeguards:
1. Employee training programs focused on data protection and privacy laws to reinforce security protocols.
2. Strict access controls ensuring only designated employees with requisite approval can access Sensitive Personal Information.
3. Comprehensive incident response plans to manage and mitigate any data breaches efficiently.
The Company is committed to maintaining these security measures and regularly reviews and updates its protocols to adapt to evolving security threats and compliance requirements.
10. Compliance With Applicable Laws
MerlinLife, Inc. affirms its commitment to complying with all applicable federal and state privacy laws to protect the privacy and confidentiality of user information. This includes adherence to the Health Insurance Portability and Accountability Act (HIPAA), if applicable, which governs the handling of health information; the Gramm-Leach-Bliley Act (GLBA), which dictates the management of non-public personal information; and the relevant statutes of the state of Alabama, such as the Alabama Insurance Information and Privacy Protection Act. The Company ensures that these legal frameworks are integrated into its data collection, processing, and security practices. MerlinLife, Inc. routinely reviews and updates its policies and procedures to remain compliant with these laws, providing a secure environment for user data. In case of any breach of sensitive personal information, the Company will act in accordance with the legal requirements set forth in Section 9: Security Measures.
11. Cookies And Tracking Technologies
Our website, MerlinLife.com, uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and improve our services. Cookies are small data files that are stored on your device when you visit a website. These files help the website remember your preferences and activities for future visits. We use both session cookies, which expire when you close your browser, and persistent cookies, which remain on your device until you delete them or they expire after a specific period. We also use tracking technologies such as beacons, tags, and scripts to collect and track information and to improve and analyze our website's performance. The data collected through cookies and tracking technologies may include your IP address, browser type, device information, and usage patterns. We employ third-party analytics services, such as Google Analytics, to help us understand how visitors interact with our website. These third-party service providers may use cookies or other tracking technologies to collect information about your online activities across different websites and devices over time. You can control your cookie preferences through your browser settings, and you may choose to accept or decline cookies. However, if you opt out of cookies or block them, some parts of our website may not function properly. By using our website, you agree to our use of cookies and tracking technologies as described in this Policy. For more detailed information about how to manage your cookie settings and preferences, please refer to Section 3: Methods of Data Collection.
12. Children's Privacy
MerlinLife, Inc. is committed to protecting the privacy of children and does not knowingly collect personal information from children under the age of 13 through MerlinLife.com. If it is discovered that the Company has unintentionally collected information from children under 13 years of age, the information will be promptly deleted from its records. Parents or guardians who believe that their child may have provided personal information to the Company without their consent are encouraged to contact the Company immediately at [email protected] so that the information can be removed. The Company advises children under 13 to seek permission from their parents or guardians before using the Company's website or submitting any personal data.
13. Data Transfers And International Users
The Company may transfer your personal data to, and process your personal data in, countries other than the country in which you are resident. By using MerlinLife.com and providing your personal data, you acknowledge and agree that your personal data may be transferred to, and processed in, the United States or any other country where the Company or its affiliates, subsidiaries, or service providers maintain facilities. While such data is in another jurisdiction, it may be accessed by the courts, law enforcement, and national security authorities pursuant to the laws applicable in that jurisdiction. The Company will take appropriate measures to ensure that your personal data remains protected in accordance with this Privacy Policy and applicable law, including entering into data transfer agreements based on the European Union's Standard Contractual Clauses where applicable. However, it is important to note that the U.S. laws governing data protection may not be as comprehensive or protective as those in your country.
14. Notification Of Changes To This Policy
MerlinLife, Inc. will inform users of any updates or changes to this Privacy Policy by posting a revised version on the Company's website, MerlinLife.com. The 'Effective Date' at the beginning of the revised Policy will be updated to reflect the date of the changes. Users are encouraged to review the Privacy Policy regularly for any modifications. If substantive changes are made that impact users' rights or the way personal information is handled, the Company will also provide a prominent notice on the website or communicate directly with users through email notifications, provided the Company possesses users' contact information. Continued use of the website after any modifications to the Policy constitutes acceptance of the revised terms.
15. Contact Information
MerlinLife, Inc. is committed to addressing any privacy-related inquiries or requests promptly. Users can contact us through the following methods for any concerns regarding their personal data, including requests for data deletion, opting out of data processing, or any other privacy-related issues:
a. Email: Users can email us at [email protected]. We endeavor to respond to all inquiries within 10 business days.
b. Website Contact Form: Users can also reach out through the contact form available on our website MerlinLife.com. This method ensures a quicker route to our support team.
To ensure your inquiry is processed efficiently, please include the following information:
1. Name and contact details
2. Description of the inquiry or request
3. Any relevant documentation that would aid in addressing the concern
Your privacy is our priority, and we will take the necessary steps to ensure your concerns are managed in accordance with our Privacy Policy.
16. Special Provisions Related To Mergers And Acquisitions
In the event of a sale, merger, or acquisition of MerlinLife, Inc. ('Company'), user data may be transferred to the new entity as part of the transaction. The Company is committed to ensuring that users are informed and their consent is secured before any such transfer happens. Specifically, the following procedures will be followed:
a. Notice: Users will be notified at least 60 days prior to the completion of the sale, merger, or acquisition. Notification will be made via email to the address provided by the user as well as a prominent message on the Company's website.
b. Consent: Users will have the opportunity to provide or withdraw their consent for the transfer of their data. Consent can be provided electronically via a form linked in the notification email or through a designated portal on the Company's website.
c. Data Handling: Until transfer, the Company will continue to protect user data under its existing privacy and security protocols. The new entity inheriting the data will be required to uphold similar or superior standards of data protection.
d. User Rights: Users will be given the option to request deletion or copies of their data prior to its transfer. Requests must be submitted within the 60-day notification period. Users may contact the Company directly at [email protected] to exercise these rights.
e. Compliance: The process will comply with all relevant federal and state privacy laws and regulations, ensuring transparency and protection of user rights.