Privacy Policy

Privacy Policy

Meurer & Company Ltd. Privacy Policy
Last updated: February 23, 2026  ·  AXIOM Capital Governance Infrastructure

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:

Meurer & Company Ltd.
71–75 Shelton Street, Covent Garden
London, WC2H 9JQ, United Kingdom
Company Number: 17035372 (England and Wales)
Represented by: Felix Johannes Meurer, Director
Email: team@meurerco.com
Phone: +44 20 3831 6698

Meurer & Company Ltd. is incorporated under the laws of England and Wales. The processing of personal data of individuals in the European Economic Area (EEA) is conducted in full compliance with GDPR (EU) 2016/679 and applicable national data protection laws. As a UK-established company, M&Co is additionally subject to the UK GDPR as retained in UK law.

2. Hosting and Technical Infrastructure

2.1 Website Hosting — Framer / Vercel

This website is built and hosted using Framer, a web publishing platform whose infrastructure is operated by Vercel Inc. (San Francisco, CA, USA). When you visit this website, the following technical access data is automatically processed on Vercel’s servers:

  • Requested URL and page path

  • Date, time, and duration of access

  • IP address of the requesting device

  • Browser type, version, and operating system

  • Referrer URL (previously visited page)

  • Volume of data transferred

As Vercel is a US-based provider, this constitutes a transfer of personal data to a third country. This transfer is based on Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Art. 46(2)(c) GDPR, incorporated into Vercel’s Data Processing Agreement. Server log data is retained for a maximum of 30 days and is not combined with other data sources.

Infrastructure Provider (Website):
Vercel Inc., 340 Pine Street Suite 701, San Francisco, CA 94104, USA
Server location: United States (with EU edge nodes)
Transfer basis: Standard Contractual Clauses (Art. 46(2)(c) GDPR)

2.2 Contact Form — Framer Forms

This website includes a contact form powered by Framer Forms, processed through Vercel’s infrastructure. When you submit the contact form, the data you provide (name, email address, and message) is transmitted to and stored by Framer. The same third-country transfer basis (SCCs) applies as described in section 2.1.

Contact form data is used exclusively to respond to your enquiry and is retained for a maximum of 3 years following final resolution, unless a contractual relationship is established — in which case the retention periods in section 5 apply.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

2.3 Product Infrastructure — Supabase

The AXIOM Capital Governance Infrastructure stores and processes operational data using Supabase, hosted exclusively in the EU on Amazon Web Services infrastructure in Frankfurt, Germany (AWS EU-Central-1). No third-country transfer occurs in connection with product data storage. A Data Processing Agreement pursuant to Art. 28 GDPR is in place with Supabase Inc.

Infrastructure Provider (Product Database):
Supabase Inc., 970 Toa Payoh North, Singapore 318992
Database server location: Frankfurt, Germany (AWS EU-Central-1)
Transfer basis: EEA — no third-country transfer

3. Purposes of Data Processing

3.1 Website Operation and Contact

  • Provision and technical operation of the website

  • Processing of enquiries submitted via the contact form or by email

  • Communication in connection with the initiation and performance of contractual relationships

3.2 Contract Performance — AXIOM Infrastructure

  • Provision and operation of the AXIOM Capital Governance Infrastructure under existing contractual agreements

  • Processing of Structural Economic Metadata for the purpose of generating Infrastructure Signals, as defined in the applicable Master Service Agreement

  • Invoicing, contract administration, and client service

3.3 Compliance with Legal Obligations

  • Compliance with statutory retention and documentation requirements under commercial and tax law

  • Cooperation with regulatory or governmental requests to the extent required by applicable law

4. Legal Bases for Processing (Art. 6 GDPR)

Art. 6(1)(a)

Consent — Processing based on a freely given, informed, and revocable consent. Currently applicable to optional analytics cookies, if and when deployed.

Art. 6(1)(b)

Contract Performance — Processing necessary for the performance of a contract with the data subject or for pre-contractual measures taken at their request.

Art. 6(1)(c)

Legal Obligation — Processing necessary to fulfil statutory obligations, in particular commercial and tax law retention requirements.

Art. 6(1)(f)

Legitimate Interests — Processing based on the legitimate interests of M&Co (secure website operation, protection against abusive access, service development), where not overridden by the interests or rights of the data subject.

5. Data Retention

Personal data is retained only as long as necessary for the relevant processing purpose or as required by statutory retention obligations:

  • Server log files: Automatically deleted after a maximum of 30 days.

  • Contact form submissions: Deleted following final resolution of the enquiry, no later than 3 years thereafter.

  • Contractual documentation and invoices: 10 years pursuant to § 257 HGB and § 147 AO.

  • General business correspondence: 6 years pursuant to § 257 HGB.

  • Infrastructure Structural Economic Metadata: Duration of the contractual relationship plus 5 years for documentation and compliance purposes.

6. Rights of Data Subjects

You have the following rights under the GDPR in relation to your personal data processed by Meurer & Company Ltd.:

Right of Access (Art. 15)

You may request confirmation of whether personal data concerning you is processed and receive a copy of that data together with the information specified in Art. 15 GDPR.

Right to Rectification (Art. 16)

You may request the immediate rectification of inaccurate data or the completion of incomplete data.

Right to Erasure (Art. 17)

You may request deletion of your personal data where the conditions of Art. 17 GDPR are met and no overriding legal basis or retention obligation applies.

Right to Restriction of Processing (Art. 18)

Where the conditions of Art. 18 GDPR are satisfied, you may request that the processing of your personal data be restricted.

Right to Data Portability (Art. 20)

You may receive personal data you have provided in a structured, machine-readable format where processing is based on consent or a contract and is carried out by automated means.

Right to Object (Art. 21)

You may object at any time, on grounds relating to your particular situation, to processing based on Art. 6(1)(f) GDPR (legitimate interests).

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw it at any time with effect for the future. This does not affect the lawfulness of processing prior to withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent authority is determined by your habitual residence, place of work, or the location of the alleged infringement.

7. Data Protection Contact

To exercise your rights or for any data protection enquiry, please contact:

Data Protection Contact
Meurer & Company Ltd., Attn: Felix Johannes Meurer
71–75 Shelton Street, Covent Garden, London, WC2H 9JQ
Email: team@meurerco.com
Phone: +44 20 3831 6698

We will respond without undue delay and in any event within one month of receipt. In exceptional cases, this period may be extended by a further two months; you will be informed of any such extension.

8. International Data Transfers

The UK benefits from an adequacy decision of the European Commission pursuant to Art. 45 GDPR, permitting data transfers between the EEA and the United Kingdom without additional authorisation.

Transfers to the United States in connection with website hosting and contact form processing (Framer / Vercel) are carried out on the basis of Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. Product data stored in Supabase remains exclusively within the EEA (Frankfurt, Germany) and is not subject to any third-country transfer.

9. Cookies

This website uses only technically necessary cookies required for basic site operation, placed on the basis of Art. 6(1)(f) GDPR. No analytics, marketing, or tracking cookies are currently deployed. Should such tools be introduced in the future, this Policy will be updated and, where required, a consent mechanism will be implemented.

10. Updates to This Privacy Policy

This Privacy Policy was last updated on February 23, 2026. Meurer & Company Ltd. reserves the right to update this Policy to reflect changes in applicable law or data processing practices. The current version is available on this website at all times.

Meurer & Company Ltd.  ·  71–75 Shelton Street, London WC2H 9JQ  ·  team@meurerco.com