Effective: May 6, 2020

Metadata, Inc. (“Company” or “we” or “us” or “our”) respects the privacy of its users (“user” or “you”) whether they use our website located at www.metadata.io, including other media forms, media channels, mobile website or mobile application related or connected thereto (collectively, the “Website”) to access our data augmentation and intelligence service or simply to view the Website (the “Company Services”). The following Company privacy policy (“Privacy Policy”) is designed to inform you, as a user of the Company Services, about the types of information that Company may gather about or collect from you in connection with your use of the Company Services. It also is intended to explain the conditions under which Company uses and discloses that information, and your rights in relation to that information. Changes to this Privacy Policy are discussed at the end of this document. Each time you use the Company Services, however, the current version of this Privacy Policy will apply.

Our Services and Targeting Data.  Personal Data is data that can be attributed to an individual. We work with a variety of sources to assist our Customers in targeting advertising based on demographic, geographic and employment profiles, but not any Personal Data. Using these profiles, we can target advertising toward groups of persons that fit these general profiles using online advertising services.  We transmit the profiles as instructed by our Customers to advertisers using APIs to allow them to target advertising through specific ad networks through our platform.

What Data Do We Collect?

Personal Data.  We collect the name, email address, address, phone number and payment information for users that want information regarding the Company Services, that are customers or who enter into contests or promotions with us.

Tracking Data.  We use cookies, IP Addresses and device IDs to track use of our Company Services by our customer users. We also collect tracking data to better understand how people use our website and Company Services.

Cookie Policy

When you visit our Site we use cookies, or similar technologies like single-pixel gifs and web beacons, to record log data. We use both session-based and persistent cookies. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. They are unique and allow us to do site analytics, customization and track our customers’ use of the Company Services among other similar things. If you access our Site through your browser, you can manage your cookie settings.

For more information on the cookie we use, please read our Cookie Policy and Cookie List.

How Do We Use Your Data?

We use Customer Personal Data for the purpose of providing the Company Services you pay for and tracking use of those Company Services for customer service and billing purposes. We also use your Personal Data connected with payment and use in order to bill you for the Company Services purchased by the Customer using a third-party service provider.  We do not store your payment information.

If you are a customer, we also may use your information to contact you for direct marketing purposes to let you know about our products or services that might be of interest to you.

From time to time, Company may offer users the opportunity to participate in contests, giveaways and other promotions. Any information submitted in connection with such activities will be treated in accordance with this Privacy Policy. From time to time, Company may also ask users to participate in surveys designed to help Company improve the Company Services. Any Personal Data provided to Company in connection with any survey will be used only in relation to that survey and will be disclosed to third parties not bound by this Privacy Policy only in non-personally identifying, aggregated form.

How Do We Share Your Data?

We may share Personal Data with third parties outside of our company in the following ways: 

Law Enforcement and Internal Operations.  Personal Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary (i) to respond to claims asserted against Metadata or to comply with the legal process (for example, discovery requests, subpoenas or warrants); (ii) to enforce or administer our policies and agreements with users; (iii) for fraud prevention, risk assessment, investigation, customer support, product development and de-bugging purposes; or (iv) to protect the rights, property or safety of Metadata, its users or members of the general public. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to any third-party request to compel disclosure of your information. 

Business Transfer.  We may sell, transfer or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.  Under such circumstances, we will use commercially reasonable efforts to notify its users if their personal information is to be disclosed or transferred and/or becomes subject to a different privacy policy.

Third Parties.  We contract with other companies and individuals to perform functions or services on our behalf, such as software maintenance, data hosting, sending email messages, etc. We necessarily have to share your Personal Data with such third parties as may be required to perform their functions.  We take steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum, EU Model Clauses and/or ensuring they have EU-U.S. and Swiss-US Privacy Shield certification.

With Your Consent.  We may obtain your consent from time to time in electronic form by using online agreements or other acknowledgements, including for any other contemplated uses of your Personal Data not addressed in this Privacy Policy.

Legal Grounds

We rely on the following legal grounds to process your personal information:

Consent.  Some uses of your Personal Data as described in this Privacy Policy are subject to your consent, such as marketing email communications.  To withdraw your consent, please contact us at privacy@metadata.io.  You may also refrain from providing, or withdraw, your consent for Cookies via your browser and mobile settings.

Performance of a Contract.  We may need to collect and use your Personal Data to enter into a contract with you and to perform Company Services that you request. 

Legitimate Interests.  We may use your Personal Data for our legitimate interests to provide our Company Services and to improve our Company Services.  We may use technical information as described in this Privacy Policy and use Personal Data for our (and our customers’) marketing purposes consistent with our (and their) legitimate interests and any choices that may be offered or consents that may be required under applicable law. 

Advertising Resources

We work with, and our customers may share data to target ads through, the following advertising technology providers:

Facebook.  Subject to their privacy policy and data policy, you may make a data subject request.

LinkedIn.  Subject to their privacy policy, you may contact their Data Protection Officer.

Appnexus.  Subject to their privacy policy, you may contact their Data Protection Officer.

Thetradedesk. Subject to their privacy policy, you may contact their Data Protection Officer at dpo@thetradedesk.com.

These providers also collect tracking data via cookies on our site as well.

How is My Data Protected?

We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. For example:

  • SSL encryption (https) everywhere we deal with personal data.
  • Password protection on your account.
  • Data is kept on secure, encrypted servers, located in the US.
  • Restricting staff access to Personal Data protected by password logs and two-factor authentication.
  • Regular staff privacy and security training
  • Tokenization of payments

However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we store, process or transmit.

Payment Encryption. Metadata utilizes only PCI-DSS compliant third-party payment processors to ensure the security of your personal information.

Your Choices

Third Party Advertising and Profile Sources.  We work with third party advertising technology and information databases to build profiles for our customers to target advertising. However, we do not directly place advertisements or control the information they collect. Even if they endeavor to be compliant with data protection laws, we are not responsible for their data protection policies. If you would like to exercise any of your data subject rights, such as the ones listed below, they will be subject to the privacy policies of the sources of such data and you should make such requests directly to them.

Right to Review and Rectify Your Personal Data.  Customers can review and update most of your Personal Data by logging on to your account and changing your settings. However, if you are located in the European Economic Area (EEA) and additional assistance is required to review, change or delete inaccuracies within your Personal Data or would like to know what information about you was collected, please contact us at privacy@metadata.io. We reserve the right to charge for copies of data requested, subject to applicable law.

Right to Remove or Withdraw Consent.  You have the right to withdraw consent where such consent is required to share or use data and you may request that we delete your Personal Data. If you receive communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings. You can request that we delete your Personal Data and your account by sending an email to us at privacy@metadata.io.  However, since your Personal Data is required for us to provide the Company Services to you, deleting it will also terminate your access to the Company Services. Deleting your Personal Data does not mean that all of it will be removed. We take steps to delete Personal Data that is no longer necessary in relation to provide the Company Services or when we no longer have a legitimate purpose to retain such Personal Data.  We may be required by law, to retain it to exercise or defend legal claims, or contractual obligations with our customers to retain some information in connection with our obligation to provide the Company Services.  We may de-identify and anonymize some data for purposes of retaining it.

Data Portability.  If you would like us to transmit your Personal Data to another company providing similar services, we will work with them to do so upon request and verification of such request with both the requestor and the company receiving the Personal Data.

Right to Redress.  If you are located in the European Economic Area and you believe we have violated any data protection laws, you may file a complaint with your local data protection authority.

Processing End User Data for Customers

Our Company Services may involve the processing of Personal Data on behalf of our customers.  When we do so, we are acting as processors for the controllers of such data.  As such, we take steps to ensure that Personal Data subject to GDPR is processed in accordance with controller instructions and GDPR, such as entering into a Data Processing Addendum incorporating EU Standard Contractual Clauses governing the processing, transmission and use of such End User Personal Data.  If you wish to exercise your data subject rights to review, rectify, delete or port your End User Personal Data, please contact the controller to make such request.  If you make the request to us, we will work with the controller to process and evaluate such request to confirm whether deletion is required by GDPR.

Transnational Transfer of Data

If you are providing your Personal Data to us directly to use our Company Services, we will transmit your data, including your Personal Data, to the United States in order to fulfill our contractual obligations to you.

Your California Privacy Rights

Shine the Light Law. California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. California residents who have an established business relationship with Metadata.io may make a written request to us about whether Metadata.io has disclosed any Personal Information to any third parties for the third parties’ direct marketing purposes during the prior calendar year.  To make such a request, please send an email or write us; our contact information is at the end of this policy.

California Consumer Privacy Act. California consumers have the right to request: the categories of personal information we have collected about consumers; the categories of sources from which the personal information is collected; the business or commercial purpose of collecting or selling personal information; the categories of third parties with whom we share or sell personal information; the categories of personal information about consumers that we have sold; the specific pieces of personal information we have collected about a consumer; right to request deletion of their personal information, the right to opt out of the sale of their information, and the right not to be discriminated against for exercising CCPA rights.

In the twelve (12) months preceding the Effective Date of this Privacy Policy, we may have collected or received, from our customers and from third parties in connection with providing the Company Services, information about California consumers in each of the following categories and disclosed the information to our service providers for business purposes.

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
  • Categories of personal information described in subdivision (e) of Section 1798.80.
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
  • Geolocation data.
  • Audio, electronic, visual, thermal, olfactory, or similar information.
  • Professional or employment-related information.
  • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).
  • Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

We do not sell Personal Information for monetary consideration. In the event that the use of certain of our cookies constitutes a “sale” under CCPA, we have implemented a “Do Not Sell” button on our home page to allow you to opt out of the sale of your information. 

Our contact information is listed at the bottom of this policy. We will ask for your name, email address and state of residence. If your name and email address are insufficient to verify your identity and assess your privacy request, we may need to ask for additional information.  You may also designate an authorized agent to make a CCPA privacy request.

Third Party Websites

We may link to other websites. When you click on one of these links, you are ‘clicking’ to another website. We do not control the data collection or privacy practices of such third-party sites. We encourage you to read the privacy policies of any third-party sites, as their collection, use and storage practices and policies may differ from ours.

Minors Under 18 Years of Age

Metadata does not knowingly collect or store any personal information from or about children under the age of 18.

If you believe a child under the age of 18 has under any circumstances provided us with personal information and data, a parent or legal guardian can email us at privacy@metadata.io  to request that their children’s information be deleted from our records.

Do Not Track

“Do Not Track” or DNT is a feature enabled on some browsers that sends a signal to request that a web application disable its tracking or cross-site user tracking. At present, there is no industry-recognized way to recognize when a browser-based DNT signal is received.

Changes to Privacy Policy

We reserve the right to amend this Privacy Policy at any time. If we make material changes to its Privacy Policy, we will notify you by (1) changing the Effective Date on our Privacy Policy and provide additional notification either (1) via email or other means as we may deem commercially reasonable.

Questions?

If you ever have any questions about our online Privacy Policy, please contact us. We respect your rights and privacy and will be happy to answer any questions or concerns you might have. You may direct any such questions to us at:

880 Harrison St. Suite 303C, San Francisco, CA 94107

Phone: (415) 231-2211

Email: privacy@metadata.io