GDPR Compliance

We protect and secure all our users’ personal data under the same GDPR-compliant terms, regardless of whether they are EU citizens. For this, we have published detailed extensively the Terms and Conditions for using our website & app, as well as the Privacy and Data Protection Policy and Cookie Policy.

The goal of this document is to explain in plain language the implications of collecting and processing personal data and how we comply with the GDPR requirements.

Last updated: July 13, 2022

Collecting personal data

Metabeta collects the personal data of users (also called data subjects) in four main ways:

• directly from the data subjects, when they create or update their account (login information, personal profile or resume, payment information) or through various forms;
• from the traffic reports recorded by the servers hosting the Metabeta website and app (IP, geolocation, date and time of access, accessed resources);
• through cookies (see the cookie policy for full details);
• from third-party public websites or services, information such as demographic details (gender, age, location, etc.), work experience (jobs, volunteering, skills, professional articles or contributions), educational background (institutions, degrees, research published, etc.), company data (business information, jobs, customers, financing, revenue, products & services, etc.), or any other information about a data subject that can be relevant to other users that wish to share investment, business, or job opportunities.

Processing personal data

Metabeta tries to process as little data as possible, to protect its data subjects but still processes a lot of data to improve the usefulness of our app for these purposes:

• allowing data subjects to create or administer their personal and company accounts and profiles;
• providing answers, clarifications, and remediation of problematic situations to data subjects;
• developing and securing the platform for a good user experience and usefulness;
• communicating new product features and updates to data subjects;
• connecting data subjects with very targeted investment, business, or job opportunities;
• compliance with laws and internal policies.

Data security

We take all the required measures to ensure the security of all the data that we store:

• Metabeta’s data sub-processors, such as Amazon Web Services (AWS) and Google Cloud Platform servers are hosted within EU and are SOC2 and/or ISO 27001 certified. All AWS and Google Cloud services are GDPR-ready as of March 2018.
• All personal data is encrypted using AES-256, managed through AWS Key Management Service.
• All passwords are hashed and salted using industry-standard techniques.
• Communication between the browser/app and the server is done using secure APIs.

How does Metabeta adhere to GDPR?

Metabeta collects and processes personal data from a variety of sources and is 100% GDPR compliant (for full details, please refer to the more complete Privacy and Data Protection Policy):

• Users’ right to be informed: we inform our data subjects in detail about what personal data we process from them, for what purposes, the retention period, the data sources, and their privacy rights, and details about data portability.
• User consent: many users give us explicit consent to collect and process their personal data when creating or updating their accounts.
• Legitimate interest: we use the data to provide relevant functionality and opportunities for our users, including connections for investment, business, or job opportunities. The purpose is not outweighed by fundamental rights and freedoms, and we take into account users’ reasonable expectations of how data may be used.
• Right to be forgotten: we remove the user’s personal data from Metabeta, upon request.
• Internal policies and processes were reviewed with a specialized legal firm in 2021 and our staff received GDPR training. All our employees undergo GDPR training upon hiring. The policies include Terms and Conditions of Use; Privacy and Data Protection Policy; Cookie Policy; Human Resources Policy; Antivirus Policy; Confidentiality and Consent Agreements for Employees, Candidates, and Contractors; Security Incident Policy; Network & Infrastructure Access Policy; for a full list please get in touch.
• Other measures are described in our Privacy and Data Protection Policy).

How can you adhere to GDPR when using Metabeta?

While we have consulted with legal professionals both in the creation of this document and our own product features, Metabeta is not a law firm. All information below is not legal advice, you should seek independent legal advice if you have specific concerns about your use cases.

A key element of GDPR that can cause business friction is the gravity of consent that is required from individuals. Specifically, in order to collect and process the personal data of EU citizens, investors, marketers, sales reps, or recruiters must have at least one legal basis. Two of the most common legal bases are:

• Consent of the data subject, which can be confirmed when first approaching a Metabeta users inside/outside our app.
• A legitimate interest to use the data. GDPR cites direct marketing as an example of a likely legitimate interest. Based on the best legal interpretations as of today, direct sales, marketing, investment, and recruiting communication is protected as a “legitimate interest” if executed in a thoughtful way. On the other hand, direct marketing that is not targeted in a way that is likely to be useful to someone given their industry or position may not fit a legitimate interest. It will, therefore, be more important than ever for investment, sales, or recruitment teams, to use data wisely and tailor campaigns and marketing to be relevant.

Also, once you start collecting from Metabeta and processing the data of any data subject, it is important to inform the data subjects that you are doing so and for which purposes.

Other details

If you need more details, please refer to our Privacy and Data Protection Policy or contact us at beta@metabeta.com.