Security & Compliance

Last updated: 7 April 2026

This page provides a high-level overview of Mercatus Ltd.’s security, privacy, and business resilience posture for clients, partners, and due diligence purposes. It is intended as a public summary and does not disclose internal security-sensitive procedures.

1. Information Security

Mercatus states that it maintains an information security management framework aligned with ISO/IEC 27001:2022. Supporting certification scope and related documentation may be shared as part of an appropriate due diligence process.

2. Data Protection and GDPR

Mercatus processes personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Bulgarian data protection legislation. Depending on the service model and processing activity, Mercatus may act as a controller or processor and supports appropriate contractual and organisational safeguards.

• defined processing purposes and lawful bases where applicable;
• support for data subject rights handling;
• confidentiality obligations for personnel;
• controls around access, handling, retention, and secure transfer of information;
• appropriate contractual safeguards for international transfers where required.

3. Security Measures

Mercatus applies technical and organisational measures designed to protect client and company information, which may include access management, secure remote access, authentication controls, endpoint protection, backup arrangements, workforce training, and internal incident escalation procedures.

4. Incident Management

Mercatus maintains internal procedures for the identification, escalation, management, and remediation of security and operational incidents. Where legally or contractually required, relevant notifications are handled through the appropriate response process.

5. Business Continuity and Disaster Recovery

Mercatus maintains continuity and recovery arrangements intended to support the restoration of critical operations following disruptive events. Public summaries are available here:

• Business Continuity & Disaster Recovery
• Disaster Recovery Plan

6. Due Diligence Materials

Additional materials, such as certificate details, scope information, contractual data protection terms, and other supporting documents, may be shared directly through the appropriate commercial or confidentiality process where required.

7. Contact

For privacy, security, or due diligence enquiries, please contact info@mercatusoutsourcing.com.