Privacy Policy

MetalSoft (collectively "MetalSoft", "we", "us" or "our") is a provider of SaaS that manages hardware and software infrastructure and data. We do not knowingly attempt to solicit or receive personal data from children.

MetalSoft may process your personal data as a controller (usually, the personal data that we collect from you) or as a processor (usually, the personal data that you process through our services).

This Privacy Notice applies to personal data processed by MetalSoft or its service providers from or about:

• Visitors to, or users of MetalSoft website
• Current and potential customers of MetalSoft services
• Service providers, contractors and business partners
• Job applicants, employees
• Participants to MetalSoft's or our partners' events
• Visitors on our premises
• Other third-parties that we interact with

By "personal data," we mean any information that can identify you. It includes information from which you are reasonably identifiable.

By "you" we mean any data subject whose personal data is in our possession.

We may also process information that is related to you, but that does not identify you personally. This type of information is called "Non-personal data." Non-personal data also include information that, in its original form, could personally identify you, but that we have modified (by means such as anonymizing, aggregating or de-identifying) in order to hide or remove any personal data.

• Contact details: Usually data that you can find on a business card, such as your name, job title, email, telephone, postal addresses, PIN, ID series and number, ID issuing date and authority, birth date.
• Your correspondence with us: Such as emails, tickets, physical correspondence.
• Your account data: Such as transactional information about the services you use, how you interact with us and the services, dates of payment owed or received, subscriptions you use, logs, service use history, account numbers or other information related to your management interface.
• Credential data: Such as passwords, hints and similar security information used for authentication and access to accounts and services.
• Payment card data: Such as bank card (expiry date, name written on the card, last 4 digits, security code), bank account details; is provided directly by users into the PCI/DSS-compliant payment processing service and MetalSoft does not, itself, process or store the card information.
• Cookies and other similar technologies: Such as data from your web browser – browser type and language, IP address, the operating system and version, your general geographic location, and your activity on MetalSoft websites.
• Images: Such as photographs, video, voice recordings when you participate in our events; CCTV recordings when you visit our premises.
• Data we obtain from other sources: Such as Trade Registry, public authorities and other data providers. This includes public data, demographic data, interest-based data and internet browsing behavior.
• Recruiting data: Such as details of your qualifications, skills, experience and employment history, information about your current level of remuneration, including benefit entitlements.

Sensitive information: Such as any information regarding your medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or other such private information which is considered sensitive information and we will not intentionally collect or maintain or provide such information to third parties.

We collect information directly from you, as well as automatically through your use of our Services and, in some cases, from third parties. The personal data may be collected in the following ways:

• Directly from you: For example when you submit an order, conclude an agreement, apply for a job, use our services, communicate with MetalSoft via phone calls, ticketing platform, email, web forms, chat, social media and other such methods of communication, submit a request via your MetalSoft management interface, subscribe to MetalSoft marketing newsletter or blog posts, attend our events or provide us services, access MetalSoft websites.
• Automatically: Via cookies or other similar technologies by tracking you online when you visit our website (observed data). You can find out more about this in our Cookies and similar technologies policy.
• From other sources: For instance, from third parties such as when your employer is our client and appoints you as a delegate or provides us with certain information in order for us to be able to contact you, or if one of our third-party partners we work closely with shares your personal data with MetalSoft in order for us to be able to contact you.

We use the personal data for the following purposes:

We use your contact information to get in touch with you, communicate with you about your orders or the services you use, subscription keeping a record of your complaint or ticket, security updates, reminders of the need to take action to keep your account active and up to date, sending announcements about our services/newsletters, informing you about upcoming events sponsored by us, promotional activities, communication with you in the recruiting processes.

We use your contact information to recommend products and services that might be of interest to you, to send you marketing and advertising messages such as newsletters, marketing communications, announcements or special offers, to personalize your experience or to inform you of upcoming events. You may always opt-out from receiving such communications, and this decision will not affect your ability to continue receiving services from us, visiting our website and reading blog posts.

We use personal data for statistical purposes and to produce aggregate data insights. For example, we may use data to generate statistics about the number of users, event participants, the number of clicks on the website, or the demographic distribution of visitors to a site.

MetalSoft website uses Google Analytics to track how often people gain access to or read our content or access our website. We use this information as aggregate data to understand what content, information or services our users find useful or interesting, so we can produce the most valuable content to meet your needs.

We may use Hotjar or other similar technologies in order to better understand our users' needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users' experience and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users' behavior and their devices. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user.

When you become our client, we may collect personal data about you including contact details, communications, correspondence, feedback, your account information, credential information, traffic data, payment card information for processing orders (including payments).

We use the personal data needed to investigate, respond to and resolve complaints and service issues or downtime. We process your personal data for creating and maintaining your account, controlling the access to it, contract administration, providing services, processing orders and payments.

We use the personal data to prevent and to detect fraud or abuses of MetalSoft website and services, to prevent and detect any attack and to be able to identify, to assure your account and your data security and to protect our business from fraudulent transactions.

We will process your personal data based on the following legal grounds:

• Contract performance: To enter into the agreement and the performance of your agreement and to take action in accordance with your requests.
• Legitimate interests: MetalSoft's legitimate business interests, for example, fraud prevention, maintaining the security of our network and services and improvement of our services. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights.
• Legal obligation: Compliance with a mandatory legal obligation, including for example accounting and tax requirements, which are subject to strict internal policies, procedures and your rights under GDPR.
• Consent: Consent you provide where MetalSoft does not rely on another legal basis. Consent may be easily withdrawn at any time.

The personal data we gather is for internal use only, and we will not authorize the release of this data to anyone outside MetalSoft, without your consent for such disclosure, except for the limited circumstances described in this Privacy Notice, in your applicable agreement or permitted by law.

We may disclose your personal data as described below:

• MetalSoft group companies or affiliates: All of the personal data we collect about you may be transferred or accessed by our companies. We will protect the privacy and the security of the personal data in accordance with this Privacy Notice and the applicable law.
• Third-party business partners and providers: To the necessary extent of providing the services. We require our third-party service providers and business partners to keep all data confidential and to use it only to perform their obligations.
• Authorities or other bodies: If we are under a legal obligation to share your personal data. We may release personal data to comply with the law, protect our rights, property, the safety of our business.
• With your consent: We may disclose your personal data if we have your consent to do so.

We will retain your personal data as needed to fulfill the purposes for which it was collected. We will retain and use your personal data in order to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.

Examples:

• We will retain your contact details and account data for as long as your account is active.
• If you are our client, we will keep all collected data needed to perform our agreements during the contractual period and for a period of 3 years after the termination of the agreement, except otherwise stated by the law.
• We will retain your personal data, collected automatically via cookies or other similar technologies for as long as we deem it necessary to enable you to use the website, but no more than 26 months.
• We will retain job applicant's personal data for 6 months.

Below we set out details on how you can exercise your rights:

• Right to access personal data: You have the right to make a request for a copy of the personal data that we hold about you.
• Right to correct personal data: You have the right to obtain the rectification of inaccurate personal data concerning you.
• Right to data portability: You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.
• Right to restrict the use of your data: In certain circumstances, you will have the right to ask us to restrict processing.
• Right to erasure: In certain circumstances stipulated by GDPR, you have the right to request us to erase your personal data that we hold.
• Right to revoke your consent: You may also revoke your consent previously granted.
• Right to object to use of personal data: You have the right, in certain circumstances stipulated by GDPR, to object to MetalSoft processing your personal data.
• Right to opt out of marketing messages: If you no longer want to receive marketing messages from MetalSoft, you can elect to opt out of all marketing communications.

To exercise any of these rights, please contact us at privacy@metalsoft.io.

We intend to protect the personal information entrusted to us and treat it securely in accordance with this Privacy Notice. MetalSoft implements physical, administrative, and technical safeguards designed to protect your personal information from unauthorized access, use, or disclosure.

When it comes to prevention of data loss, alteration, misuse, unauthorized access or unlawful processing of the collected personal data, we are committed to industry best practices. Therefore, we:

• Use encryption technology as appropriate
• Require our suppliers to protect personal data from unauthorized access, use, and disclosure
• Limit the access to the systems on which the personal data is stored
• Test our website, data centers, systems, and other assets for security vulnerabilities
• Monitor for possible attacks and vulnerabilities

However, we cannot guarantee that the measures taken will prevent every security threat. In the event of a security breach which results in an unauthorized disclosure of information, we will notify you as soon as possible.

We will never intentionally collect or maintain information about individuals defined as minors in local law or regulation. However, if you believe that we are in possession of such information, please contact us at privacy@metalsoft.io, and we will make necessary inquiries and investigations and, if applicable, delete that information.

Should you have any questions about how we are processing your personal data, about exercising your rights or about our privacy policy, please feel free to contact us at privacy@metalsoft.io, and we will get back to you as soon as possible.

Please be assured that we will promptly investigate the matter and that we are committed to resolving any privacy concerns that you may have.