Privacy Policy
1. Controller
Metric Might
20 Wenlock Road
London, N1 7GU
[email protected]
Contact Details in Data Protection Matters: [email protected]
This Privacy Policy informs you how Metric Might as a data controller process your personal data. This Privacy Policy concerns Metric Might websites and our all products and services, which collect personal data, or which are linked to this Privacy Policy. We have a shared customer, marketing, and stakeholders register, and our group companies act as joint controllers for that register. If you are a consumer who reside in the State of California, California resident, this supplementary privacy notice for California residents applies to you.
2. Name of register
Customer, Marketing and Stakeholders Register
3. What data do we process and what is the purpose and the legal basis of processing the personal data?
Data subjects are the customers, potential customers and stakeholders of Metric Might.
| PERSONAL DATA | PURPOSE OF PROCESSING | LEGAL BASIS |
|---|---|---|
| Basic information such as name, customer number, username and/or other identifier, preferred language Contact information such as e-mail address, phone number, address information Information related to the company’s contact persons | Delivering and improving our products and services according to your needs | Legitimate interest |
| Customer surveys | ||
| Fulfilling our contractual and other promises and obligations | Performance of a contract | |
| Purchasing and ordering necessary services and products from our suppliers to maintain our business | ||
| Invoicing | ||
| Marketing our services to relevant companies | Legitimate interest | |
| Bookkeeping | Legal obligation | |
| Recording sales calls for employee training purposes and for improving our sales processes | Consent. We will notify you and obtain your consent before the call is recorded where required by applicable law | |
| Possible direct marketing opt-outs | Serving customers interest of not receiving direct marketing | Legitimate interest in being able to fulfil our legal obligation to ensure opt-out from direct marketing in accordance with the law |
| Information you provide in connection with the events we host, registration data, special diets, invoicing data | Organizing events | Legitimate interest in being able to host events and invoice when applicable |
| Consent regarding health data (e.g. allergies) | ||
| Information of the customer relationship and the contract such as information of past and current contracts and orders, correspondence with you and other communication, payment information and other information which you have voluntarily provided to our systems | Compliance with our contractual and other promises and obligations | Performance of a contract |
| Invoicing | ||
| Managing the customer relationship | Legitimate interest in managing and developing the customer relationship | |
| Bookkeeping | Legal obligation | |
| Data of the connection and terminal device you are using such as the IP address, device ID or other device identifier and cookies | Developing our services | Consent |
| Targeting advertising in our online services | ||
| Analyzing and profiling behavior |
4. Google OAuth Data Collection
4.1 Data Collection Disclosure
Our web application integrates with Google services using Google OAuth, which allows us to access certain data from your Google account with your explicit consent. Below is a detailed description of the types of data we collect and how it is used:
Google Analytics Data (analytics.readonly scope):
Data Collected: We access your Google Analytics 4 (GA4) data, which includes aggregated and anonymized information such as website traffic statistics, user behavior metrics, and other analytics data available in your GA4 account.
Purpose: This data is used to provide insights and analytics services within our web application, allowing you to monitor and analyze the performance of your website or app. We do not store any data from Google Analytics on our servers, nor do we share this data with third parties. The data is retrieved through Google APIs and sent to a data target of choice, such as Google Sheets.
Email Address (userinfo.email scope):
Data Collected: We collect and store your email address associated with your Google account.
Purpose: Your email address is used to create and manage your user account on our platform, as well as to communicate with you regarding account-related matters, updates, and notifications. We do not use your email address for unsolicited marketing purposes.
Profile Information (userinfo.profile scope):
Data Collected: We access and store basic profile information from your Google account, including your name and language preference.
Purpose: This information is used to personalize your experience within our web application, such as displaying your name in the user interface, or displaying information in your preferred language. This data helps enhance user interaction and account management within the app.
4.2 Data Usage and Sharing
We only access the specific data described above with your explicit consent and solely for the purposes mentioned.
We do not share your personal information or Google user data with any third parties, except as required by law or to protect the rights and safety of our users.
4.3 Data Storage and Security
The data we collect is stored securely on our servers and is protected by industry-standard security measures. We do not retain your Google Analytics data on our servers; access is provided in real-time through the Google API.
4.4 Your Control
You can revoke access to your Google account data at any time by managing your app permissions in your Google account settings. Doing so will prevent our web app from accessing any new data, but it may limit the functionality of the services we provide.
5. From where do we receive data?
We receive information primarily from following sources: yourself, population register, authorities, credit information companies, contact information service providers and other similar reliable sources. We also collect information when our services or websites are used. More information on how we use cookies can be found in the Section 8 below.
For the purposes described in this Privacy Policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations.
6. To whom do we disclose data, and do we transfer data outside of EU or EEA?
We may disclose data from this customer, supplier and marketing register to our co-operation partners who do marketing and arrange campaigns and events with and on behalf of us, and who consider themselves as controllers instead of processors working on our behalf (these parties are i.a. social media operators and advertisement networks). Otherwise we do not disclose data from the register to external parties unless required by the legislation or an order by the authorities.
We utilize subcontractors that process personal data on behalf of and for us. We have outsourced our IT management and the maintenance of our customer and marketing systems to outside service providers on whose administrated and protected servers the personal data is stored.
We transfer personal data outside the EU/EEA in connection with the purposes stated in this Privacy Policy. When personal data is processed outside the EU/EEA, we ensure that the personal data is transferred in accordance with the applicable law, for example, by using the EU Commission’s standard contractual clauses or other appropriate safeguards as described in Article 46 of the GDPR.
7. How do we protect the data and how long do we store them?
Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use the system containing personal data. Each user has a personal username and password to the system. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and their backup copies are in locked premises and can be accessed only by certain pre-designated persons
We store the data as long as it is necessary for the purpose of processing the data. Personal data in the Customer, Stakeholder and Marketing register is erased after the claim period related to a specific customer, stakeholder or service relationship has elapsed. This period is typically ten (10) years.
We regularly estimate the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.
8. How do we use cookies on our website?
Our websites and social media channels use cookies and other similar technologies for managing and developing the website, improving and analyzing user experience and targeting advertisement in our and our partners’ services. Cookies allow us to collect information such as from which website users arrive to the pages, which pages are browsed and when, which browser is used and the IP address of the device.
For more information on how we use cookies, please see our Cookie Policy.
9. What are your rights as a data subject?
You have the right to access the personal data stored in this register concerning yourself, and the right to demand rectification or erasure of that data. You also have the right to withdraw your consent where we process your data based on your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.
You have the right to object to processing or to request restriction of the processing of your personal data at any time and free of charge, and to lodge a complaint with the supervisory authority. Please, see a list for supervisory authorities’ websites here (Link to EU Commission’s website) and the contact information of the UK Information Commissioner’s Office (ICO) below.
UK Information Commissioner’s Office:
Customer Contact, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF +44 303 123 1113 [email protected]
For specific personal reasons, you also have the right to object profiling and other processing concerning yourself, when processing the data is based on our legitimate interest. In connection with your claim, you should identify the specific situation on which you object the processing. We can refuse to act on such request based only on grounds provided by law.
All requests and requirements concerning this section should be submitted in writing to the address [email protected].
10. Changes to this Privacy Policy
Should we make amendments to this Privacy Policy, we will place the amended notice on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review this Privacy Policy from time to time to ensure you are aware of any amendments made.