1. Data Controller: The operator of mergeIFC.com is the data controller pursuant to Article 4(7) GDPR and is responsible for the processing of all uploaded files.

2. Purpose and Legal Basis: Files are processed solely to provide the requested file merge service. The legal basis for processing is the performance of a contract pursuant to Article 6(1)(b) GDPR.

3. Data Storage: All files are stored on servers located within the European Union. Files are automatically deleted 24 hours after upload. Users may request immediate deletion by contacting info@mergeIFC.com.

4. Subprocessors: Third-party cloud infrastructure providers may process data on our behalf. All subprocessors are bound by data processing agreements ensuring GDPR compliance and appropriate security measures.

5. Security: Files are transmitted via HTTPS and stored on servers with access controls. Automatic deletion occurs after 24 hours. Operational logs are maintained only as necessary for service provision.

6. Data Subject Rights: Data subjects may exercise their rights under Articles 15–22 GDPR, including rights of access, rectification, erasure, restriction of processing, data portability, and objection, by contacting info@mergeIFC.com.

7. Limitation of Liability: The service is provided "as is". We are not liable for any loss, corruption, or unauthorized access to uploaded files. Users are responsible for maintaining backup copies of all files prior to upload.

8. Contact: info@mergeIFC.com