Version Date: May 6, 2020
Our Services and Targeting Data. Personal Data is data that can be attributed to an individual. We work with a variety of sources to assist our Customers in targeting advertising based on demographic, geographic and employment profiles, but not any Personal Data. Using these profiles, we can target advertising toward groups of persons that fit these general profiles using online advertising services. We transmit the profiles as instructed by our Customers to advertisers using APIs to allow them to target advertising through specific ad networks through our platform.
Personal Data. We collect the name, email address, address, phone number and payment information for users that want information regarding the Company Services, that are customers or who enter into contests or promotions with us.
We use Customer Personal Data for the purpose of providing the Company Services you pay for and tracking use of those Company Services for customer service and billing purposes. We also use your Personal Data connected with payment and use in order to bill you for the Company Services purchased by the Customer using a third-party service provider. We do not store your payment information.
If you are a customer, we also may use your information to contact you for direct marketing purposes to let you know about our products or services that might be of interest to you.
We may share Personal Data with third parties outside of our company in the following ways:
Third Parties. We contract with other companies and individuals to perform functions or services on our behalf, such as software maintenance, data hosting, sending email messages, etc. We necessarily have to share your Personal Data with such third parties as may be required to perform their functions. We take steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum, EU Model Clauses and/or ensuring they have EU-U.S. and Swiss-US Privacy Shield certification.
We rely on the following legal grounds to process your personal information:
Performance of a Contract. We may need to collect and use your Personal Data to enter into a contract with you and to perform Company Services that you request.
We work with, and our customers may share data to target ads through, the following advertising technology providers:
These providers also collect tracking data via cookies on our site as well.
We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. For example:
However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we store, process or transmit.
Payment Encryption. Metadata utilizes only PCI-DSS compliant third-party payment processors to ensure the security of your personal information.
Third Party Advertising and Profile Sources. We work with third party advertising technology and information databases to build profiles for our customers to target advertising. However, we do not directly place advertisements or control the information they collect. Even if they endeavor to be compliant with data protection laws, we are not responsible for their data protection policies. If you would like to exercise any of your data subject rights, such as the ones listed below, they will be subject to the privacy policies of the sources of such data and you should make such requests directly to them.
Right to Review and Rectify Your Personal Data. Customers can review and update most of your Personal Data by logging on to your account and changing your settings. However, if you are located in the European Economic Area (EEA) and additional assistance is required to review, change or delete inaccuracies within your Personal Data or would like to know what information about you was collected, please contact us at firstname.lastname@example.org. We reserve the right to charge for copies of data requested, subject to applicable law.
Right to Remove or Withdraw Consent. You have the right to withdraw consent where such consent is required to share or use data and you may request that we delete your Personal Data. If you receive communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings. You can request that we delete your Personal Data and your account by sending an email to us at email@example.com. However, since your Personal Data is required for us to provide the Company Services to you, deleting it will also terminate your access to the Company Services. Deleting your Personal Data does not mean that all of it will be removed. We take steps to delete Personal Data that is no longer necessary in relation to provide the Company Services or when we no longer have a legitimate purpose to retain such Personal Data. We may be required by law, to retain it to exercise or defend legal claims, or contractual obligations with our customers to retain some information in connection with our obligation to provide the Company Services. We may de-identify and anonymize some data for purposes of retaining it.
Data Portability. If you would like us to transmit your Personal Data to another company providing similar services, we will work with them to do so upon request and verification of such request with both the requestor and the company receiving the Personal Data.
Right to Redress. If you are located in the European Economic Area and you believe we have violated any data protection laws, you may file a complaint with your local data protection authority.
Our Company Services may involve the processing of Personal Data on behalf of our customers. When we do so, we are acting as processors for the controllers of such data. As such, we take steps to ensure that Personal Data subject to GDPR is processed in accordance with controller instructions and GDPR, such as entering into a Data Processing Addendum incorporating EU Standard Contractual Clauses governing the processing, transmission and use of such End User Personal Data. If you wish to exercise your data subject rights to review, rectify, delete or port your End User Personal Data, please contact the controller to make such request. If you make the request to us, we will work with the controller to process and evaluate such request to confirm whether deletion is required by GDPR.
If you are providing your Personal Data to us directly to use our Company Services, we will transmit your data, including your Personal Data, to the United States in order to fulfill our contractual obligations to you.
Shine the Light Law. California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. California residents who have an established business relationship with metadata.io may make a written request to us about whether metadata.io has disclosed any Personal Information to any third parties for the third parties’ direct marketing purposes during the prior calendar year. To make such a request, please send an email or write us; our contact information is at the end of this policy.
California Consumer Privacy Act. California consumers have the right to request: the categories of personal information we have collected about consumers; the categories of sources from which the personal information is collected; the business or commercial purpose of collecting or selling personal information; the categories of third parties with whom we share or sell personal information; the categories of personal information about consumers that we have sold; the specific pieces of personal information we have collected about a consumer; right to request deletion of their personal information, the right to opt out of the sale of their information, and the right not to be discriminated against for exercising CCPA rights.
We do not sell Personal Information for monetary consideration. In the event that the use of certain of our cookies constitutes a “sale” under CCPA, we have implemented a “Do Not Sell” button on our home page to allow you to opt out of the sale of your information.
Our contact information is listed at the bottom of this policy. We will ask for your name, email address and state of residence. If your name and email address are insufficient to verify your identity and assess your privacy request, we may need to ask for additional information. You may also designate an authorized agent to make a CCPA privacy request.
We may link to other websites. When you click on one of these links, you are ‘clicking’ to another website. We do not control the data collection or privacy practices of such third-party sites. We encourage you to read the privacy policies of any third-party sites, as their collection, use and storage practices and policies may differ from ours.
Metadata does not knowingly collect or store any personal information from or about children under the age of 18.
If you believe a child under the age of 18 has under any circumstances provided us with personal information and data, a parent or legal guardian can email us at firstname.lastname@example.org to request that their children’s information be deleted from our records.
“Do Not Track” or DNT is a feature enabled on some browsers that sends a signal to request that a web application disable its tracking or cross-site user tracking. At present, there is no industry-recognized way to recognize when a browser-based DNT signal is received.
880 Harrison St. Suite 303C, San Francisco, CA 94107
Phone: (415) 231-2211