Privacy & Data Protection Policy

This policy details the practice of Exploratorium SRL regarding the personal data used by the domain metabeta.com and the Metabeta app (hereinafter briefly, generically, Metabeta, the App, respectively Website or Site) and is intended to inform users about this subject. By using Metabeta, users acknowledge that they have become aware of and agree to this Privacy and Data Protection Policy, and also to the Cookie Policy, and also the Terms and Conditions published on Metabeta.

Last updated: February 20, 2023

Identification of the data controller

Name: Exploratorium SRL (hereinafter the Company, Owner, or Exploratorium)
Address: Str. Petru Poni nr. 10, Iași, 700523, Romania
Registration no.: J22/76/2018
Fiscal code: 38692014
Data Protection Officer: Marius Ursache (Internal)
Email: gdpr@metabeta.com

Contact details in the field of personal data protection

The Company collects information from users in the following ways: directly from the user, from the traffic reports recorded by the servers hosting Metabeta, through cookies, as well as from third-party public or private sources.

Information provided directly by the user

  • The Company may collect the following information from its users: name, surname, email, social network user names and profile pictures, other contact information, former education and jobs, biographical details, bank account, credit card details, PayPal email address, tax identification number, address, job title, and employer. The details and contexts of collecting this information are outlined below.
  • When the user signs up for the Metabeta app, the user fills the fields in the Sign-up form indicating name, surname, email, and password (all being personal data); alternatively, they may sign up using a social login (LinkedIn, Google, Twitter, Facebook), indicating name, surname, email, social network username, profile picture. This is the only mandatory information required by the Company in order to be able to create a valid account for each user. The same information shall be used later, after the account is created, for the Login process. In any case, the password is not seen by the Company. No other data is extracted from the social networks used for login purposes.
  • When the user fills in the fields in any of the Contact or Information request forms, they indicate name, surname, and email (all being personal data). This is the only mandatory information required by the Company in order to be able to respond to the message sent by each user. No passwords are collected in this case. Other personal data could be processed by the Company if it is included in the information/request sent by the user by any of the Contact/Information request forms. The Company may or may not request the respective data, but insofar as they are absolutely necessary in order to be able to respond to those transmitted by the user through the form, the processing of personal data shall be performed at the request of the user of Metabeta.
  • When the user shares details in the Chatbox, they indicate name, surname, and email (all being personal data). This is the only mandatory information required by the Company in order to know how they may address that user. No passwords are collected in this case. Other personal data could be processed by the Company if it is included in the Chatbox and as they are absolutely necessary in order to be able to respond to those transmitted by the user through the Chatbox, the processing of personal data shall be performed at the request of the user of Metabeta.
  • When the user fills in the fields in the Profile section in the Metabeta app, they indicate their name and surname (all being personal data). This is the only mandatory information required by the Company in order to have a valid user. Such data are public, meaning that they are seen by any user that creates an account on Metabeta.
  • Users that have accounts may add on their Profile additional information concerning their business, contact data, former education and jobs, social profiles with corresponding links, even a short pitch and bio, picture, and even indicate other relevant links. Such information is not mandatory, the user is free to decide if they indicate it or not. The validity of their profile and access to Metabeta, shall not be restricted in any way if the aforementioned data shall not be filled in. Users should however be aware that Metabeta can see all that information in its last updated version, as well as others organizations and users with accounts on the platform.
  • When the user fills in the fields in the Payment section or in the third-party billing service (Stripe, Chargebee), they indicate name and surname, no. of bank account, PayPal, address, tax identification number, credit card (which can be personal data, unless the user is created on ). This is the only mandatory information required by the Company in order to receive a valid payment and to issue a legal invoice.
  • When the user consents to receive Newsletters or commercial information, they indicate their name, surname, organization, job title, and email address (personal data). This is the only mandatory information required by the Company in order to send information concerning its products and services, news, articles, events, and other marketing-oriented materials.
  • The Company confirms that none of the personal data indicated above shall be used for purposes other than those expressly indicated, especially since they shall not be processed for marketing purposes without observing the legal provisions.

Information obtained from the traffic reports recorded by the server

When a website/app is accessed, users automatically disclose certain information, such as the IP address, the time of the visit, and the place where the website/app was accessed. The Company, like other operators, registers this information for the purpose of security and protection of all users, and also for purposes of improvement of the Website/Apps.

Information obtained through cookies

All details on how data is processed in this context, are indicated in the Cookie Policy available on Metabeta. The contact details that the user can use to transmit any requests, notifications, or claims regarding this Privacy and Data Protection Policy, as well as the Terms and Conditions and the Cookie Policy, or any other information published on Metabeta, policies, or operations performed by the Company, are indicated above.

The deadline for the Company to send a response is no more than 30 days from the receipt of the request.

Information obtained from third parties

  • The Company might use public websites, apps, social networks, APIs, technical sources, or other third-party services, to collect data about users and companies. This data includes, but is not limited to: demographic details (gender, age, location, etc.), work experience (jobs, volunteering, skills, professional articles or contributions), educational background (institutions, degrees, research published, etc.), company data (business information, jobs, customers, financing, revenue, products & services, etc.), or any other information about a person/company that can be relevant to other users that wish to find investment, sales, or recruitment opportunities.
  • This data is further processed by the Company using its internal systems, for legitimate business interests.

Data subject

Given that the Company processes the personal data of users of Metabeta (before, and after registering an account), they hold the status of the data subject and declare that they are over 18 years old. If the information/requests transmitted by the users also concern personal data relating to other persons (those persons hence acquiring the status of the data subject), the Company shall process their data strictly in order to be able to respond to that information/request.

Personal data processed

Any information regarding an identified or identifiable natural person, respectively the data subject, can be considered personal data. Considering the processing purposes indicated herein, the Company tries to reduce as much as possible the personal data processed and excludes any personal data that is not relevant to legitimate business interests.

Users are responsible for any third-party personal data obtained, published, or shared through Metabeta and confirm that they have that third party’s consent to provide the data.

Thus, according to the Cookie Policy, the data subject shall be able to choose the types of cookies (applicable where their use is not automatically made for the functioning of Metabeta) in order to ensure a more complete and better experience when browsing Metabeta.

  • For setting up the account using the Sign-up form and for accessing the account using the Login form, the Company processes the following data: name and surname of the user, email address, social profile URL, profile picture, password, IP, browser type/version, and device type.
  • For the transmission of answers to the requests/notifications sent by users using the Contact or Information request forms, the Company processes the following data: name and surname of the user, email address, and any other personal data provided by the user in their message, if needed to reply, IP, browser type/version, device type.
  • For the transmission of answers to the requests/notifications sent by users using the Chatbox, the Company processes the following data: name and surname of the user, email address, and any other personal data provided by the user in their message, if needed to reply, IP, browser type/version, device type.
  • For administering the Metabeta platform and the accounts created by the users, as well as for suspending and deleting an account if needed, the Company processes the following data from your Profile: name and surname, email address, browser version/type, IP, any other personal data provided by the user in their profile.
  • For processing the payment of the subscription, as well as for resolving any payment issue that may appear, the Company requires the user to fill in the following data in the Payment section or third-party payment/billing apps: name and surname, email address, bank account number, credit/debit card number/Paypal user, address, tax identification number, IP, browser type/version.
  • For sending newsletters, invites, articles, promos, and any other marketing-oriented material, the Company requires the user to agree with the receiving of commercial information and offers the possibility to unsubscribe at the end of each email sent to the user: name and surname, email address, IP, browser type/ version.
  • For investment, business opportunities, or recruitment purposes, the Company may collect from third parties and websites information about the use that is relevant to these contexts: full name, gender, age, date of birth, place of birth, current location, languages spoken, email addresses, phone numbers, work history (companies, jobs, year, experience, skills, responsibilities, projects, performance reviews, etc.), educational background (degrees, institutions, accreditations, research, publications, reviews, projects), and other details that are publicly available. The Company offers the possibility to the user to request updating or deleting their personal information by contacting the Company at beta@metabeta.com.
  • Depending on the cookie settings, other data can be processed (especially those related to user preferences and behavior on Metabeta).

Processing of personal data

It represents the processing of personal data, any operation or set of operations performed on personal data or on personal data sets, with or without the use of automated means. The Company accesses, collects, uses, and performs any other actions allowed by the applicable law on the personal data provided by users, within the limits indicated above.

Purpose

A user is a person who accesses Metabeta or whose personal data is processed for different purposes (respectively you).

The personal data provided directly by the user is processed for these purposes:

  • providing answers, clarifications, and remediation of problematic situations, related to the requests and notifications sent by the user through any of the contact forms or chatboxes;
  • creating and administering user accounts, through the Sign-up and  Login forms;
  • administering and developing the Metabeta platform, as well as the profiles there (including their suspension and deletion), including hosting, user database management, spam protection, backup saving, and management, hosting, and backend infrastructure, Content commenting, payment registration, and invoicing;
  • transmitting marketing-oriented materials to subscribers at Metabeta Newsletters;
  • ensuring compliance with this Privacy and Data Protection Policy, the Terms and Conditions, and the Cookie Policy, as well as the applicable legal provisions for the protection of the rights, property, or security of Metabeta.

The personal data provided by the traffic reports recorded by the server is processed for these purposes:

  • identification of the sections of interest of Metabeta;
  • safer administration of the computer system and Metabeta.

The personal data provided by the use of cookies is processed for these purposes:

  • functioning and smooth operation of Metabeta (needed cookie);
  • depending on the settings chosen by the user, additional personal data can be used for obtaining statistical information that allows for improving the offered services, saving preferences, advertising, analytics, behavioral targeting, tag management, displaying content from the external platform, access to third-party accounts, content performance and features testing (A/B testing), interaction with data collection platforms and other third parties, social features, etc. All details regarding this type of data processing can be found in the Cookie Policy as well as in the Detailing of the purpose.

The personal data collected through third-party websites & services is processed for these purposes:

  • to connect users for investment purposes (such as an investor contacting a startup founder to offer an investment in their startup; a startup founder connecting an investor to request an investment in their startup; investors connecting to do joint startup investments; or other similar purposes).
  • to connect users for business opportunities (widely regarded as sales communication or direct marketing, such as offerings of new products and services, partnerships, or other business opportunities).
  • to connect users for the purpose of job opportunities (such as a recruiter contacting a potential candidate to offer a job that might be of interest to the candidate).
  • The Company collects and processes a large volume of third-party personal data, specifically with the purpose to offer very targeted and relevant connections for users, and uses this data to prevent users from approaching other users with irrelevant offerings or connections.

If the Company intends to subsequently process the personal data for a purpose other than those indicated above, it shall provide the data subject prior to such further processing, additional relevant information regarding the secondary purpose, by completing the necessary formalities according to the law.

Recipients of the processing

The personal data shall be provided to:

  • the administrators and employees/collaborators of the Company that deal with the administration and development of Metabeta and who are involved in the activities regarding which the users’ profiles or questions/notifications;
  • the support service providers contracted by the Company in order to fulfill its contractual or legal obligations, such as:
  • the designers, the software developers, the IT or business consultants, and the trainers who can access all the data recorded in the Company’s online records, including those of the users indicated at point 4 above;
  • the attorneys of the Company can access all data recorded in the Company’s records, including those of the users, in case of legal issues that require their involvement;
  • advertising, PR, and communication companies for the marketing activity. These companies may collect data through cookies or through the registration forms for the event or feedback, and to the extent that this happens, the Company shall provide this information to the data subjects in advance and obtain their consent where needed;
  • suppliers of IT services and platforms needed for the functionality of Metabeta, such as (but not limited to) hosting, payment processing, user behavior, customer support, project, and product management, event tracking, analytics, etc.
  • other users registered on Metabeta who are specifically interested in investment, business, or job offerings/opportunities.

The list of suppliers listed above is not exhaustive, but it does indicate the main collaborating companies. They shall have the capacity of the independent data controller, the joint data controller, or the data processor in relation to the Company—depending on the factual situation and the contract’s clauses. However, regardless of the quality held, they are obliged to maintain the confidentiality and security of the personal data of the data subject (the user), adopting appropriate technical and organizational measures. Upon request, the updated list of providers and main clauses of those contracts which may impact the user’s personal data can be communicated to that user.

Although they are not considered recipients of personal data under the legal provisions, public authorities (including the fiscal authority and the consumer protection authority) and the courts of law may process all/any of the personal data obtained by means of Metabeta.

The legal ground for personal data processing

Processing the personal data of our users complies with at least one of these articles:

  • GDPR Article 6 letter a: the processing is carried out based on the consent of the User; situation applicable when the processing of the data is done in the context of the cookies accepted by the user and which are not necessary for the functioning of Metabeta; when the processing of data is done in the context of filling in the forms indicated in any contact form or chatbox; for profiling; as well as when the processing of data for marketing purposes to the list of Newsletter subscribers or marketing communication recipients;
  • GDPR Article 6 letter b: the processing is carried out for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; situation applicable when the processing is done in the context of the forms from sections Sign up, Log in and Profile;
  • GDPR Article 6 letter c: the processing is necessary for compliance with a legal obligation to which the Company as the data controller is subject; situation applicable in the context of data processing in relation to the competent authorities or legal service providers, as well as for the payment of the subscription and invoicing;
  • GDPR Article 6 letter f: the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject; situation applicable in the context of data processing for the normal functioning and administration of Metabeta.

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing.

Type of processing

Data processing activities performed by the Company, mainly refer to:

  • collecting the data indicated by the user in the Contact, Information request, Chatbox, Sign-up, Login, Profile, Newsletter, and Payment/Billing forms;
  • use of data for providing answers to the messages transmitted by the user;
  • use of data for the conclusion and execution of the contract;
  • use of data for the purpose of each category of cookies chosen by the user;
  • use of data collected from third parties for legitimate business interests;
  • collecting other unsolicited data if provided by the user in a communication, request, or complaint addressed to the Company so that it can respond and solve the request or remedy the incident;
  • storing personal data according to the law and within limits necessary to achieve the purpose, in the electronic and secure database held by the Company;
  • allowing access to personal data to certain employees and external collaborators who provide support services for the Company, whose activity involves the processing of personal data under the condition of undertaking the obligation of confidentiality and GDPR compliance;
  • allowing limited access to personal data to other users for the purpose of investment, business, or job opportunities.
  • allowing access to personal data to the competent authorities, insofar as the law obliges.

Retention of data

The retention period of the personal data processed, is:

  • until the withdrawal of the consent or the exercise of the right to data erasure (Right to be forgotten) of the user, for the processing of personal data based on the consent of the data subject within the limits indicated by art. 17 of the EU Regulation no. 679/2019;
  • until the deletion of the user profile at the request of the user or by the decision of the Company (as a result of a sanction for breaching the Terms and Conditions or as a result of the expiration of the Metabeta subscription of that user): all data indicate in the profile, login not being available after that date;
  • for 3 years after receiving the message from any of the Contact or Chatbox forms, in order to be able to demonstrate the measures taken by the Company, considering the duration of the general limitation period for the right to act before the courts regulated by the Romanian Civil Code;
  • for 5 years after updating the user profile with relevant data either from the user intervention or from third-party information, as this is considered an acceptable period for investment, business, or job opportunities.
  • a longer period than the abovementioned, when the law or order of an authority regulates in such a manner or when there is a well-justified ground for this action (for example, to prove payments and invoicing, or to exercise a right before the court in litigation started before the expiry of the storage period indicated herein).

Upon the expiry of the aforementioned periods, all data shall be deleted from the Company’s records. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

Rights of the data subject

The right to be informed

  • Please review in this regard the present policy, the Cookie Policy, and the Terms and Conditions.
  • The Company reserves the right to modify/update the content of Metabeta, including the policies to which references are made, at its sole discretion, at any time and for any reason (including but not limited to the occurrence of legislative or jurisprudential changes that may affect the consequences to those published on Metabeta). The revision of this policy in the future shall be signaled by modifying the “Last updated” date at the top of this document. After the date the updated policy is published, accessing Metabeta shall represent the user’s acceptance of these updated conditions.
  • However, if there shall be significant changes that could affect the rights and freedoms of the users or if it shall become obligatory to obtain their consent, informing them about these changes shall be made by easily visible indications posted on Metabeta (pop-ups) or by transmitting e-mails to the addresses provided (if applicable). Such significant changes shall have effects on users within 15 days from the time of posting the pop-up in question or of sending the email (how the information shall be made is decided by the Company, on a case-by-case basis).
  • Regardless of the extent of the change, the responsibility to check the content of Metabeta (including the Terms and Conditions, as well as the policies displayed), in order to be up to date with the latest versions, shall be entirely the responsibility of the user. Thus, a STUDY OF THIS PRIVACY AND DATA PROTECTION, OF THE TERMS AND CONDITIONS, AND THE POLICY COOKIE, SHOULD BE MADE BY USERS WHENEVER THEY ACCESS METABETA, AND BEFORE MAKING ANY REGISTRATION OR PROVIDING ANY DATA, WHEREAS CHANGES CAN APPEAR.
  • Upon request, the data subject shall be informed about the essence of the contracts concluded with the recipients of personal data where possible, and also of the data source.

The right to access the personal data processed

  • If the data subject wishes to receive information regarding the processing of data performed by the Company, they can send a request to the Company, and a response shall be provided within 30 days of reception.

The right to data rectification

  • If the data subject wishes to rectify/amend the inaccurate/incomplete personal data concerning him/her/it as provided to the Company, they can send a request to the Company, and a response shall be provided within 30 days of reception.
  • Some elements of the personal data can be updated by the user by logging in and accessing their profile on Metabeta.

The right to data erasure (the right to be forgotten)

The data subject shall have the right to obtain the erasure of personal data concerning him/her/it:

  • at the expiration of the processing duration;
  • if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • if the data subject withdraws his/her/its consent on which the processing is based and where there is no other legal ground for the processing;
  • if the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • if the processing is illegal, the personal data is unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation.

The exceptional cases are provided in art. 17 paragraph 3 of the European Regulation no. 679/2016.

Some data are part of the Company’s records, which it keeps in relation to its legal obligations or its legitimate interest. Therefore, not all data can be erased, according to the law. However, any refusal to delete the data shall be motivated by the Company and shall be based on a clear legal basis.

The right to restriction of processing and the right to object

The restriction of processing can be applied if the data subject finds out that:

  • the accuracy of the personal data is contested by the user, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are not yet deleted and are required by the data subject for the establishment, exercise, or defense of legal claims;
  • the data subject has objected to processing pending the verification of whether the legitimate grounds of the controller override those of the data subject.

The Company may continue processing the restricted personal data if it is necessary to establish, exercise, or defend a right in court, or protect/defend a person but only with the consent of the user.

The Company shall communicate to the recipients that a rectification, deletion, or restriction of the personal data took place unless it is impossible or it involves disproportionate efforts.

The right to data portability

  • The user or a third party indicated by them can receive on request, the personal data processed by the Company. the Company assumes no responsibility for the data processing performed by that third party.
  • The obligation to ensure the right to portability is the responsibility of the Company only if the processing of the personal data is based on the consent of the data subject or on the conclusion and execution of the contract. The actions shall be taken within 30 days from the receipt of the request.

The right to object

  • The user shall have the right to object, on grounds relating to his/hers/its particular situation, at any time to the processing of personal data based on the legitimate interest of the Company (including profiling).
  • Regardless of the above, if the Company demonstrates well-justified legitimate grounds for the processing which overrides the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims, the processing of data can continue.

The right to submit a claim

The data subject may submit:

  • a request / a claim using the contact data of the Company, as indicated in art. 1 above;
  • an action before the competent court;
  • a complaint before the competent processing supervising authority. In Romania, that authority is the Romanian National Supervisory Authority for Processing Personal Data (www.dataprotection.ro).

However, the Company wishes any conflict/dispute to be resolved amicably and provides its availability in this regard.

The right to withdraw the consent given

  • The data subject may withdraw his/her/its consent at any time, without however affecting the legality of the processing before the withdrawal nor the one based on other legal grounds.

The right to not be subject to an automated decision

  • The Company would like to make decisions based solely on the automatic processing of personal data.
  • The data subject should have the right not to be subject to a decision, which may include a measure, evaluating personal aspects relating to him/her/it which is based solely on automated processing and which produces legal effects concerning him/her/it or similarly significantly affects him/her/it. Such processing includes ‘profiling’. However, this does not apply if the decision: (a) is necessary for entering into, or performance of, a contract between the data subject and a data controller; (b) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or (c) is based on the data subject’s explicit consent.
  • Predictions based on the User’s Data (“profiling”)
  • The Company may use the personal data collected through Metabeta to create or update user profiles. This type of data processing allows the Company to evaluate user choices, preferences, and behaviors for the purposes outlined in the respective section of this document.
  • User profiles can also be created through the use of automated tools like algorithms, which can also be provided by third parties.
  • The User always has a right to object to this kind of profiling activity. To find out more about the User’s rights and how to exercise them, the User is invited to consult art. 11 letter g of this document.
  • Automated decision-making means that a decision that is likely to have legal effects or similarly significant effects on the user, is taken solely by technological means, without any human intervention. Metabeta may use the user’s personal data to make decisions entirely or partially based on automated processes according to the purposes outlined in this document. The Company adopts automated decision-making processes as far as necessary to enter into or perform a contract between User and Owner, or on the basis of the user’s explicit consent, where such consent is required by the law.
  • Automated decisions are made by technological means, mostly based on algorithms subject to predefined criteria, which may also be provided by third parties.

The rationale behind automated decision-making is:

  • to enable or otherwise improve the decision-making process;
  • to grant users fair and unbiased treatment based on consistent and uniform criteria;
  • to reduce the potential harm derived from human error, personal bias, and the like which may potentially lead to discrimination or imbalance in the treatment of individuals, etc.;
  • to reduce the risk of users’ failure to meet their obligation under a contract.

As a consequence, users are entitled to exercise specific rights aimed at preventing or otherwise limiting the potential effects of the automated decisions taken.

In particular, users have the right to:

  • obtain an explanation about any decision taken by the Company as a result of automated decision-making and express their point of view regarding this decision;
  • challenge a decision by asking the Owner to reconsider it or take a new decision on a different basis;
  • request and obtain from the Owner human intervention on such processing.

Main obligations of the data subject

Confidentiality

  • The data subject has the obligation to keep the confidentiality of all personal data with which he/she/it comes into contact in relation to the Company.
  • The fact that a user can give access to a profile of another user from the Metabeta platform, in certain conditions, shall not be considered as a breach of the aforementioned obligation. Users declare that they are aware of this fact and shall not have any claims in this regard towards the Company.

Complying with the data security measures

  • The data subject shall not process any confidential data or personal data of third parties unless it is absolutely necessary, confidentiality is ensured and the specific legislation is fully complied with.
  • In case of breach of the obligations indicated in this art. 12 by the data subject, the Company shall be entitled to obtain from him/her/it compensation for all the damages suffered.

Obligations of the Company

Security measures applicable to the processed personal data

The Company complied with the provisions of the data protection legislation and has implemented appropriate technical and organizational measures to ensure the security of the processed personal data and the rights of the users. Thus, the Company has implemented measures such as:

  • the conclusion of contracts with collaborators who have undertaken the obligation of confidentiality in relation to the personal data processed, as well as the general obligation to comply with the applicable legislation in the field of personal data protection;
  • training the employees and collaborators on the importance of personal data protection, as well as limiting their access to data according to their attributions and competencies;
  • establishing internal procedures having the purpose of protecting personal data;
  • indicating especially contact data which can be used for questions/claims regarding personal data (ie. the one indicated in art. 1 of the present policy);
  • implementing information security measures;
  • the data processing is carried out using computers and IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated;
  • not installing cookies in addition to those necessary for the functioning of Metabeta and offering the users at all times the possibility to choose the additional cookies accepted.

Also, the Company shall inform the competent data protection authority in the event of a breach concerning data security, without undue delay and, if possible, within 72 hours from the moment it became aware of it unless it is unlikely to create a risk for the rights and freedoms of individuals. If the notification to the authority shall not be made within 72 hours, it shall be accompanied by a justified explanation for the delay.

In the event of an incident concerning the security of personal data, the Company shall also inform the data subject without undue delay, if the breach of the security of personal data is likely to generate a high risk for his/her/its rights and freedoms. However, informing users shall not be necessarily informed if any of the following conditions are met:

  • the Company has implemented adequate technical and organizational protection measures, and these measures have been applied in the case of the personal data affected by the security breach;
  • the Company has taken further measures to ensure that the high risk for the rights and freedoms of the data subjects is no longer likely to occur;
  • would require a disproportionate effort. In this situation, a public notice shall be conducted instead or a similar measure shall be taken, so that the data subjects are informed in an equally effective manner.

Any statistics regarding the traffic of the users on Metabeta, which the Company shall provide to third-party advertising networks or to other sites, shall have a data set form and shall not include any identifiable information about any individual user.

Unfortunately, no data transmission through the internet can be guaranteed to be 100% secure. Consequently, despite the Company’s efforts to protect users’ personal data, it cannot guarantee or ensure the security of information transmitted by them through Metabeta. Users are therefore warned that any information sent through the online environment shall be done at their own risk. To mitigate this risk, one of the measures taken by the Company is to offer all interested users the possibility to send requests/addresses/messages in material form, to the Company headquarters, and not necessarily through the “Contact” or “Chat” box.

Subprocessing

The Company shall not appoint or disclose any user personal data to any Contractor or Subprocessor unless it is essential for providing functionality to Metabeta users, and only after the Contractor/Subprocessor agrees to abide by the same terms of data protection and policy with regard to the use personal data collected by Metabeta.

As of the date of this policy, the only Contractors with access to user personal data are the employees and software development contractors of the Company.

Liability of the Company

The Company’s liability in relation to the data subject shall be established in relation to the quality held in the respective data processing operation, the reason and place of the incident, the security measures taken, the measures taken to avoid incidents, and the observance of the other legal obligations and the policies published on Metabeta.

Place of processing.
Transfer of personal data to third countries/international organizations

  • Personal data is processed at the Owner’s operating offices in Romania and in any other places where the parties involved in the processing are located.
  • Depending on the user’s location, data transfers may involve transferring the user’s data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
  • Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their data.
  • If any such transfer takes place, users can find out more by checking the relevant sections of this document or inquiring with the Owner using the information provided in the Contact or Chat form.

Final Provisions

  • This policy applies to the Company and to Metabeta users (including those who complete the existing forms on Metabeta).
  • This document is part of the Company’s set of security policies. Other policies can apply to the topics addressed herein and can be reviewed according to specific needs.
  • In addition to the information contained in this privacy policy, Metabeta may provide the user with additional and contextual information concerning particular services or the processing of personal data upon request. Please see the contact information at the beginning of this document.