Privacy

Introduction

Metaplane Inc.("Company") is committed to protecting the privacy of visitors of the Metaplane website(s), individuals who register to use the products and services, individuals who register to attend the Company's corporate or other events, and business partners. This Privacy Notice ("Privacy Notice" or "Notice") describes our privacy practices in relation to the use of Metaplane websites (including any customer portal or interactive customer website), its software, services, solutions, tools, and related applications, services, and programs, including attendance of corporate events and research and marketing activities, offered by Metaplane (the "Services") as well as your choices regarding use, access and correction of personal data.

This Privacy Notice is meant to help you understand, among other things, what personal data we collect, why we collect it, and what we do with it.

Metaplane has complied with the EU-US and Swiss-US Privacy Shield Framework; as part of this, we have certified to the US Department of Commerce that we adhere to the Privacy Shield principles of: Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability (the "Principles"), with respect to personal data that we process on behalf of our Customers established in the European Union and Switzerland. For more information about our Privacy Shield commitment, refer to the Privacy Shield section below.

You can learn more about Privacy Shield at https://www.privacyshield.gov and see our Privacy Shield self-certification at https://www.privacyshield.gov/list. Metaplane's self-certification to the Privacy Shield is subject to the investigatory and enforcement authority of the Federal Trade Commission.

‍

What information do we collect?

We collect information from you when you register on our site or fill out a form. Any data we request that is not required will be specified as voluntary or optional. When registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address or credit card information. You may, however, visit our site anonymously.

The information we may collect includes, without limitation:

• Contact data, such as: IP address, Email addresses, Phone numbers, Text notes about customers entered by end users, Related customers and organizations, Business addresses, Titles/Positions, and other similar contact data.
• Metadata and data for interactions, such as: Email addresses and names of participants, Email headers that contain Personal Data, Metadata of emails (times sent, etc.) that are linked to Personal Data, Metadata about calls and meetings (timing, participants, etc.) that are linked to Personal Data, Structured data stored by Company about Data Subjects, including text notes about Data Subjects that contain Personal Data, and structured data about Data Subjects (e.g. columns and "magic columns") that contain Personal Data.
  ‍

What do we use your information for?

Any of the information we collect from you may be used in one of the following ways:

• To personalize your experience (your information helps us to better respond to your individual needs)
• To improve our website (we continually strive to improve our service based on the information and feedback we receive from you)
• To improve customer service (your information helps us to more effectively respond to your customer service and support needs)
  ‍

Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow it) that enables the sites or service provider's systems to recognize your browser and capture and remember certain information. If you turn off cookies, you may still access the metaplane.dev site and learn about the product, but using the Metaplane app requires cookies in order to access workflow administration.

‍

Processing of data in EU

For individuals in the European Union, our processing (i.e. use) of your personal data is justified on the following legal bases:

• Performance of Contract: the processing is necessary to perform a contract with you or take steps to enter into a contract at your request;
• Compliance with Law: the processing is necessary for us to comply with a relevant legal obligation (for example, laws which require us to collect tax information from customers, carry out checks on customers, or which compel us to disclose information to public authorities or regulators);
• Our Legitimate Interests: the processing is in our legitimate interests, subject to your interests and fundamental rights, and notably our legitimate interest in using applicable data to conduct and develop our business activities, such as developing and maintaining relationships with our customers (the majority of the processing covered by this notice is legitimate interest based);
• Defend Our Rights: where the processing is necessary to the establishment, exercise or defence of legal claims; or
• With Your Consent: you have consented to the processing (for example, where we are required by local law to rely upon your prior consent for the purposes of direct marketing).

In all cases where legitimate interests is relied upon as a lawful basis, we take steps to ensure that our legitimate interests are not outweighed by any prejudice to your rights and freedoms. This is achieved in a number of ways, including through the application of principles of data minimization and security, and by taking steps to ensure that personal data is only collected or otherwise obtained where it is relevant to the lawful business activities, and where using personal data is reasonably necessary for those activities.
‍

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer your personal information except in accordance with this policy. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

We use sub-processors to provide us with some services that are necessary to provide the features of our website. Those subprocessors and the services they provide are listed below:

• Amazon: Amazon Web Services
• Segment: Analytics
• Amplitude: Analytics
• Stripe: Payments

If personal data is transferred outside the EU to other Metaplane group companies or to third party service providers, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by entering into data transfer agreements, using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU - US Privacy Shield. For transfers to other Metaplane group companies in the United States (a country that has not received a decision from the European Commission determining that the United States provides adequate protection to personal data), we have put in place European Commission approved Standard Contractual Clauses, which protect personal data transferred between Metaplane entities. You have a right to obtain details of the mechanism under which your personal data is transferred outside of the EU by contacting privacy@metaplane.dev
‍

Access and Data Subject Rights

Individuals have the right to access the personal data processed about them, subject to applicable law; individuals may request to access their personal data processed by us by emailing us at privacy@metaplane.dev

Subject to applicable law, you may also have some or all of the following rights available to you in respect of your personal data:

• to obtain a copy of your personal data together with information about how and on what basis that personal data is processed;
• to rectify inaccurate personal data (including the right to have incomplete personal data completed);
• to erase your personal data (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed);
• to restrict processing of your personal data under certain circumstances;
• to port your data in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of a contract with you;
• to withdraw your consent to our processing of your personal data (where that processing is based on your consent);
• and to obtain, or see a copy of the appropriate safeguards under which your personal data is transferred to a third country or international organization.

In addition to the above rights, under EU data protection law, applicable individuals have the right to object, on grounds relating to your particular situation, at any time to any processing of your personal data for which we have justified on the basis of a legitimate interest, including profiling (as opposed to your consent) or to perform a contract with you. You also have the right to object at any time to any processing of your personal data for direct marketing purposes, including profiling for marketing purposes.

You also have the right to lodge a complaint with your local supervisory authority for data protection.

In relation to all of these rights, please contact us at privacy@metaplane.dev. Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, especially if your request is manifestly unfounded or excessive. We will endeavor to respond to your request within all applicable timeframes.

If you contact us regarding Customer Data for which we are a data processor, we will attempt to refer your request to the relevant Customer, and data controller for your personal data.
‍

Data Retention

We retain your Personal Information for as long as we need to fulfill our Services. In addition, we retain Personal Information after we cease providing Services to you, to the extent necessary to comply with our legal obligations. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

‍

Data Retention and Data Subject Rights under General Data Protection Regulation (GDPR)

If you are an EU citizen and you have the following data protection rights:

• the right to access, update or to delete the information we have on you
• the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete
• the right to object. You have the right to object to our processing of your Personal Data
• the right of restriction. You have the right to request that we restrict the processing of your personal information
• the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format
• the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information

If you wish to be informed what Personal Data we hold about you, rectify it, or want it to be removed from our systems, please email us at privacy@metaplane.dev.

California Online Privacy Protection Act Compliance

Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act (CalOPPA).

According to CalOPPA we agree to the following:

• users can visit our site anonymously
• our Privacy Policy link includes the word “Privacy”, and can easily be found on the page specified above on the home page of our website
• users will be notified of any privacy policy changes on our Privacy Policy Page
• users are able to change their personal information by emailing us at privacy@metaplane.dev

Online Privacy Policy Only

This online privacy policy applies only to information collected through our website and not to information collected offline.

Privacy Shield Dispute Resolution

We encourage EU and Swiss individuals who have questions or complaints about how we process their personal data under Privacy Shield to contact us at privacy@metaplane.dev. We will work to resolve your issue as quickly as possible, but in any event, within 45 days of receipt.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.

If you are an EU or Swiss individual and unable to resolve any complaints through any of the above methods, you may be able to invoke binding arbitration through a Privacy Shield panel, in accordance with the Privacy Shield Framework.

‍

EU Residents

Metaplane processes personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Union or Member State law to which the processor is subject; in such a case, the processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;

Metaplane ensures that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

Metaplane takes Technical and Organizational measures in accordance with Article 32 of the GDPR;

Metaplane respects the conditions referred to in paragraphs 2 and 4 of Article 28.3 of the GDPR for engaging another processor;

Metaplane will use commercially reasonable efforts, insofar as this is possible, for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GPDR;

Metaplane assists the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to the processor;

Metaplane will, at the choice of the controller, which should be exercised via the Service or by emailing the choice to privacy@metaplane.dev, delete or return all the personal data to the controller after the end of the provision of services relating to processing, and will delete existing copies unless Union or Member State law requires storage of the personal data;

Metaplane will make available to the controller all information necessary to demonstrate compliance with the obligations laid down in Article 28.3 of the GDPR and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.

‍

Other Disclosures

Law Enforcement or National Security. In accordance with our legal obligations, we may also transfer Customer Data, subject to a lawful request, to public authorities for law enforcement or national security purposes.

Additional Disclosures. We may also disclose Customer Data (including any personal data), where otherwise required by law.

Business Transfers. We may share personal data with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, in which case personal data held by us about our users may be one of the transferred assets. Metaplane recognizes potential liability in cases of onward transfer to third parties. Metaplane will not transfer any personal information to a third-party without first ensuring that the third-party adheres to the Privacy Shield principles.

Just-in-Time Disclosures. Additional disclosures or information about processing of personal data related to specific websites, mobile applications, products, services, or programs may be provided to you. These may supplement and/or clarify Metaplane's privacy practices in specific circumstances and provide you with additional choices as to how Metaplane may process your personal data.

‍

Your Consent

By using our site, you consent to our privacy policy. If you do not consent to the collection and processing of the information required to be processed, we are unable to provide you with our service, and you should not use our site.

‍

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page, send an email notifying you of any changes, and/or update the Privacy Policy modification date below. Policy changes will apply only to information collected after the date of the change.

‍

Feedback

If there are any questions regarding this privacy policy you may contact us at: privacy@metaplane.dev

‍