Privacy Policy
Last updated: September 2023
Table of contents
III. Name and address of the data controller 3
- Contact details of the data protection officer (cf. Art. 37 EU-GDPR) 3
- Legal basis for data processing. 4
- Data delection and storage period. 4
- Requirements for the transfer of personal data to third countries. 5
- No automated decision-making (including profiling) 6
- No obligation to provide personal data. 6
- Visiting the Website, App and social media presence. 9
- Explanation of function. 9
- Personal data processed. 9
- Duration of data processing. 11
- Transmission of personal data to third parties; legal basis. 11
- Use of Cookies, Plugins, and other services on our Website and App. 12
- Contact by email 16
- Contractual relationship with us as service provider 16
- Contractual Relationship with us as business partner 17
A. General
I. Scope of application
This Privacy Policy- describes how we collect, use, and handle personal data that you provide to us or that we collect from you when you access or use our website https://metrade.io including all its subdomains (hereinafter collectively «Website») and our Mobile-App and Webapp (hereinafter collectively «App»);
- explains the circumstances under which we may disclose this personal data to third parties; and
- informs you about your rights in relation to your personal data.
II. Definitions
These are the definitions used in this privacy policy, based on the definitions provided in Art. 4 of the EU General Data Protection Regulation (EU-GDPR):- “Personal data” (see Art. 4 No. 1 EU-GDPR) means any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or information relating to physical, physiological, genetic, mental, economic, cultural, or social identity. Identifiability may also be established by combining such information or through additional knowledge. The form or embodiment of the information is irrelevant (even photos, video or audio recordings can contain personal data).
- “Processing” (see Art. 4 No. 2 EU-GDPR) means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction, as well as changing the purpose or intended use of the data originally collected.
- “Controller” (see Art. 4 No. 7 EU-GDPR) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
- “Processor” (see Art. 4 No. 8 EU-GDPR) means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller, following the controller’s instructions (e.g. an IT service provider). In terms of data protection law, a processor is not a third party.
- “Third party” (see Art. 4 No. 10 EU-GDPR) means a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data. This also includes legal persons affiliated with the controller.
- “Consent” of the data subject (see Art. 4 No. 11 EU-GDPR) means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
III. Name and address of the data controller
The controller responsible for processing your personal data within the meaning of Art. 4 No. 7 EU-GDPR is us: AI Brainvisuals AG St. Luzi Str. 43, 9492 Eschen, Fürstentum Liechtenstein E-Mail: info@ai-brainvisuals.com You can find further information about our company in the imprint section on our Website at https://metrade.io/corporate-texts/privacy-policy-1IV. Contact details of the data protection officer (cf. Art. 37 EU-GDPR)
For all questions and as the contact person regarding data protection at our company, our data protection officer is available to you at any time. His contact details are: Andreas Schäfer Data Protection Officer Lange Str. 22, 72379 Hechingen, Germany E-Mail: andreas@ai-brainvisuals.comV. Legal basis for data processing
By law, in principle, every processing of personal data is prohibited and only allowed if the data processing falls under one of the following justifications:- 6 para. 1 let. a EU-GDPR (“consent“): If the data subject has voluntarily, in an informed manner and unambiguously given his or her consent through a declaration or other clear affirmative action to the processing of the personal data concerning him or her for one or more specific purposes;
- 6 para. 1 let. b EU-GDPR: If the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- 6 para. 1 let. c EU-GDPR: If the processing is necessary for compliance with a legal obligation the controller is subject to (e.g. a legal retention obligation);
- 6 para. 1 let. d EU-GDPR: If the processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- 6 para. 1 let. e EU-GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
- 6 para. 1 let. f EU-GDPR (“legitimate interests“): If the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
VI. Data delection and storage period
For each processing activity we undertake, we will indicate below how long your data will be stored by us and when it will be deleted or blocked. If no specific storage period is indicated below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage ceases to apply. Your data will generally only be stored on our servers in Frankfurt Germany DCs of AWS, subject to any transfer that may occur under the provisions in Part A. Sections VIII. and IX. However, storage may continue beyond the specified period in the event of a (potential) legal dispute with you or other legal proceedings, or if storage is required by legal provisions to which we, as the controller, are subject to. When the storage period required by law expires, your personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for such storage. The following factors may play a role in determining whether further storage is necessary:- legal obligations to store data for a longer period;
- statutory limitation periods;
- (potential) legal disputes; or
- guidelines and orders issued by competent data protection authorities.
VII. Data security (cf. Art. 32 EU- GDPR)
WWe use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties (e.g. SSL/TSL encryption for our Website), taking into account the state of the art, the implementation costs, and the nature, scope, context, and purposes of processing as well as the risks of a data breach (including its likelihood and severity) for the data subject. Our security measures are continuously improved in line with technological developments. We are happy to provide you with more detailed information upon request. Please contact our data protection officer (see Part A. Section IV.).VIII. Collaboration with processors (cf. Art. 28 EU-GDPR)
Like other companies, we also use external service providers, both domestic and foreign, to handle our business operations (e.g. IT, logistics, telecommunications, sales and marketing). They act only on our instructions and have contractually committed to comply with data protection regulations in accordance with Art. 28 EU-GDPR. If your personal data is passed on by us to our partner companies or from our partner companies to us (e.g. for advertising purposes), this is done on the basis of existing processing agreements.IX. Requirements for the transfer of personal data to third countries
Im As part of our business relationships, your personal data may be transferred or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries (e.g. Switzerland). Such processing is carried out exclusively to fulfill contractual and business obligations and to maintain your business relationship with us. We will inform you of the specific details of the transfer at the relevant points. The European Commission certifies some third countries with so-called adequacy decisions, which provide a level of data protection comparable to that of the EEA standard (you can find a list of these countries and a copy of the adequacy decisions here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de). However, in other third countries to which personal data may be transferred, there may be no uniformly high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is sufficiently guaranteed. This can be done through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates, recognized codes of conduct, or self-certification under the EU-US Privacy Shield (information on this can be found here: https://www.privacyshield.gov/welcome ). However, we will only transfer your personal data to a location outside the EEA if:- this transfer is made to a location where the European Commission believes that it provides adequate protection for your personal data;
- we have taken appropriate measures to protect your personal data (for example, if both parties involved in the transfer have agreed to standard data protection clauses recognized by the European Commission); or
- the above does not apply, but we can still proceed legally, for example, if the transfer is necessary for the establishment, exercise, or defense of legal claims.
X. No automated decision-making (including profiling)
We do not intend to use personal data collected from you for any automated decision-making process (including profiling).XI. No obligation to provide personal data
We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. As a customer, you are not generally under a legal or contractual obligation to provide us with your personal data; however, it may be that we can only provide certain offers to a limited extent or not at all if you do not provide the required data. If this should exceptionally be the case within the scope of the products or services offered by us and presented below, you will be notified separately.XII. Legal obligation to transmit certain data
Under certain circumstances, we may be subject to a special legal or regulatory obligation to provide lawfully processed personal data to third parties, especially public authorities (cf. Art. 6 para. 1 let. c EU-GDPR).XIII. Your rights
You can exercise your rights as a data subject with regard to your processed personal data at any time by contacting us using the contact details provided in Part A. Section IV. You have the right as a data subject to:- request information about the data we process about you in accordance with Art. 15 EU-GDPR. In particular, you may request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, and the existence of automated decision-making, including profiling, and meaningful information about its details;
- request without delay the rectification of inaccurate or incomplete data we have stored about you in accordance with Art. 16 EU-GDPR;
- request the erasure of your data stored by us in accordance with Art. 17 EU-GDPR, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- request the restriction of processing of your data in accordance with Art. 18 EU-GDPR, to the extent that the accuracy of the data is contested by you, the processing is unlawful or you have objected to the processing;
- receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission to another controller, in accordance with Art. 20 EU-GDPR (“data portability”);
- object to the processing of your data, if the processing is based on Art. 6 para. 1 let. e or let. f EU-GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. If the objection does not concern direct marketing, we ask you to explain the reasons why we should not process your data as we have done. If you raise a justified objection, we will examine the situation and either terminate or adapt the data processing or show you our compelling legitimate grounds for continuing the processing;
- withdraw your consent – i.e. your voluntary, informed and unambiguous expression of will that you agree to the processing of your personal data for one or more specific purposes – which you have given to us at any time in accordance with Art. 7 para. 3 EU-GDPR, even before the EU-GDPR came into effect, i.e. before May 25, 2018. This will result in us no longer being allowed to continue the data processing based on this consent in the future; and lodge a complaint with a data protection supervisory authority regarding the processing of your personal data in our company, such as the supervisory authority responsible for us. The supervisory authority/data protection office responsible for us is the Data Protection Authority of the Principality of Liechtenstein. The contact details can be found at the following link: https://www.datenschutzstelle.li/impressum.
- information from you to confirm your identity. If you do not provide us with the requested information and we are therefore unable to identify you, we may be forced to reject your request; or
- you make obviously unfounded or excessive requests, especially in the case of frequent repetition. In these cases, we may either: (a) charge reasonable administrative costs or (b) refuse to process the request.
XIV. Changes to this Privacy Policy
As part of the ongoing development of data protection law and technological or organizational changes, our privacy policy will be regularly reviewed for any necessary adjustments or additions. You will be informed about any changes, in particular on our Website at https://metrade.io/de/corporate-texts/privacy-policy-1 to Privacy Policy. This Privacy Policy is valid as of September 2023.B. Visiting the Website, App and social media presence
I. Explanation of function
You can obtain information about our companies and the services we offer on our Website and App. When you visit our Website or App, personal data may be processed by us.II. Personal data processed
When you use the Website or App for informational purposes, the following categories of personal data may be collected, stored, and processed by us:- “Log data“: When you visit our Website or App, a so-called log data record (so-called “server log files“) is temporarily and anonymized stored on our web server. This consists of:
- the page from which the page was requested (so-called “referrer URL”);
- the name and URL of the requested page;
- the date and time of the call;
- the description of the type, language, and version of the web browser used;
- the IP address of the requesting computer, which is shortened so that personal reference is no longer possible;
- the transmitted data volume;
- the operating system;
- the message whether the call was successful (access status/HTTP status code);
- the GMT time zone difference.
- “Contact form data“: We collect the personal data that you provide to us when you fill out forms on our Website or App (e.g. gender, name and surname, address, company, email address, and the time of transmission). We may use this personal data to process your request and/or provide the services you have requested or to provide the desired information.
- “Application data“: If you apply for a job opening with us, we ask you to contact us directly by email or to upload your application documents (resume and cover letter) so that we can assess your suitability for the position.
- “Survey data“: Occasionally, we ask you if you would like to give us feedback on our services and/or events by participating in a survey. Participation is voluntary. We use the feedback from the surveys to evaluate our performance and optimize our service offering and/or events.
- “Event data“: If you would like to participate in one of our events, you will be asked to fill out a registration form. The registration form contains information on how we handle your personal data in connection with the respective event.
- Newsletter and publications: We will only send you publications or newsletters if you have given us your general consent or have expressed a particular interest in certain information. We also process your data to provide you with tailored and relevant advertising, current communications, and invitations. Subject to your consent, this also applies to data that provides information on how you access and use our emails.
III. Purpose and legal basis of data processing
We process the personal data described above in accordance with the provisions of the EU-GDPR, other applicable data protection regulations, and only to the extent necessary. To the extent that the processing of personal data is based on Art. 6 para. 1 let. f EU-GDPR, the stated purposes also represent our legitimate interests. In the context of the processing of your personal data based on Art. 6 para. 1 let. f EU-GDPR, our legitimate interests may include the following purposes in particular:- to communicate with you;
- to carry out business transactions;
- for record-keeping, statistical analysis, internal reporting and research purposes;
- to ensure network and information security;
- to inform you of changes to our services;
- to investigate a complaint from you;
- for evidentiary purposes in an existing or threatened legal dispute between you and us;
- to analyze user behavior on our Website or App;
- to customize various aspects of our Website or App to optimize the user experience;
- for hosting, maintenance, and other support of the operation of our Website or App;
- to detect and prevent fraud and other criminal activities
- for the purposes of risk management;
- for resuming or restarting operations in a crisis situation (e.g. creating backups);
- for storing documents;
- for database management;
- to protect the rights, property, and/or safety of AIB, its employees, and other individuals; and
- to ensure the quality of the services we provide to our customers.
IV. Duration of data processing
Your data will only be processed for as long as is necessary to achieve the processing purposes mentioned above; the legal bases stated within the scope of the processing purposes apply accordingly. Regarding the use and storage period of cookies, please refer to Part A. Section VI. Third parties we use will store your data on their system for as long as is necessary in connection with the provision of services to us according to the respective order. For more information on storage periods, please refer to Part A. Section VI.V. Transmission of personal data to third parties; legal basis
The following categories of recipients, who are usually processors (see Part A. Section IX.), may have access to your personal data:- Service providers for the operation of our Website or App and the processing of data stored or transmitted through the systems (e.g. for data center services, payment processing, IT security). The legal basis for disclosure is then Art. 6 para. 1 let. b or let. f EU-GDPR, unless it is processors;
- Government agencies/authorities, if this is necessary to fulfill a legal obligation. The legal basis for disclosure is then Art. 6 para. 1 let. c EU- GDPR;
- Persons involved in the conduct of our business (e.g. auditors, banks, insurance companies, legal advisers, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for disclosure is then Art. 6 para. 1 let. b or let. f EU-GDPR.
VI. Use of Cookies, Plugins, and other services on our Website and App
Cookies: We use cookies on our Website or App. Cookies are small text files that are assigned and stored on your hard drive by the browser you are using, using a characteristic string of characters, and through which certain information is transmitted to the entity that sets the cookie. Cookies cannot run programs or transfer viruses to your computer, and therefore cannot cause any harm. They are used to make the Internet offer more user-friendly and effective, and therefore more pleasant for you. Cookies can contain data that enables recognition of the device used. However, cookies may also contain only information about certain settings that are not personally identifiable. Cookies cannot directly identify a user. There is a distinction between session cookies, which are deleted as soon as you close your browser, and persistent cookies, which are stored beyond the individual session. In terms of their function, cookies can be further divided into:- Technical Cookies: These are essential for navigating the Website or App, using basic functions, and ensuring the security of the Website or App; they do not collect any information about you for marketing purposes, nor do they store which websites you have visited;
- Performance Cookies: These collect information about how you use our Website or App, which pages you visit, and whether errors occur during the use of the Website or App; they do not collect any information that could identify you – all collected information is anonymous and is only used to improve our Website or App and find out what our users are interested in;
- Advertising Cookies, Targeting Cookies: These are used to offer Website or App users demand-oriented advertising on the Website or App or offers from third parties and to measure the effectiveness of these offers;
- Sharing Cookies: These are used to improve the interactivity of our Website or App with other services (e.g. social networks).
- Microsoft Windows Internet Explorer
- Microsoft Windows Internet Explorer Mobile
- Mozilla Firefox
- Google Chrome für Desktop
- Google Chrome für Mobile
- Apple Safari für Desktop
- Apple Safari für Mobile
- Twitter, Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin D02 AX07, Ireland: https://twitter.com/de/privacy
- LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland: https://www.linkedin.com/legal/privacy-policy
- Telegram, Telegram UK Holdings Ltd (71-75 Shelton Street, Covent Garden, London, England, WC2H 9J: https://telegram.org/privacy
- WhatsApp, WhatsApp LLC. 1601 Willow Road Menlo Park, California 94025, United States of America: https://www.whatsapp.com/legal/privacy-policy
- Skype, Skype Communications SARL, 23-29 Rives de Clausen, L-2165 Luxembourg: https://privacy.microsoft.com/en-us/privacystatement
- Facebook, Meta/Facebook Headquarters, 1 Hacker Way Menlo Park, CA 94025, United States of America: https://www.facebook.com/privacy/policy/
- LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland: https://www.linkedin.com/legal/privacy-policy
- Twitter, Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin D02 AX07, Ireland: https://twitter.com/de/privacy
- Facebook, Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland: https://www.facebook.com/privacy/policy/
- YouTube, Google Ireland Limited, mit Sitz in Gordon House, Barrow Street, Dublin 4, Irland: https://policies.google.com/privacy
- Instagram, Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland: https://www.facebook.com/privacy/policy/
- you inform us that you want to revoke your consent;
- you can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this Website or App to their full extent;
- you can also prevent the collection of data generated by the cookie and related to your use of our Website or App (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: (https://tools.google.com/dlpage/gaoptout?hl=en).
- Communicating with you: We use the information to respond to your inquiries and provide the assistance you need;
- Improving Our Services: Analyzing chat interactions to enhance the effectiveness and quality of our customer support;
- Order Information: Using data to fulfill orders placed through our site, including processing payments, arranging shipping, and providing invoices or order confirmations;
- Risk and Fraud Screening: Utilizing device information, such as IP addresses, to help screen for potential risks and fraud;
- Marketing and Advertising: Providing you with information or advertising related to our products or services, aligned with your preferences;
- Site Optimization: Using device information to improve and optimize our site, generate analytics on how customers interact with the site, and assess the success of our marketing and advertising campaigns.
C. Contact by email
You have the option to contact us by email. You are solely responsible for the information and/or content you send us. We recommend that you do not transmit confidential data. Personal data is only collected by us if you voluntarily provide it to us. Therefore, you are solely responsible for the data you transmit to us. In order to answer your questions, we may ask you for additional information such as your address, telephone number, etc. We only collect personal data from you if it is necessary to answer your questions or provide the services you have requested. When processing your email request, our legitimate interest in data processing pursuant to Art. 6 para. 1 let. f EU-GDPR exists. You can object to this data processing at any time (see also Part A. Section XIII.).D. Contractual relationship with us as service provider
In the context of a contractual relationship with us, in which we provide services to you, we process, among other things, the following personal data:- your name and contact information (including name, address, telephone number or email address);
- information about the company you work for, your position or title;
- identification and background information that you provide to us or that we collect from you as part of the establishment of the contractual relationship;
- billing and payment information;
- information that you provide to us in the course of and for the purposes of providing services, or that we create as part of our services for you, including order-related communication;
- personal data of third parties required for the establishment of the contractual relationship or the provision of services. This includes, among others, your immediate and indirect shareholders, business and contractual partners as well as advisors, representatives of authorities in a regulatory procedure, as well as each of the employees and members of the mentioned persons and institutions;
- all other information related to you that you provide to us in connection with the contractual relationship.
- you as the recipient of services or contractual party;
- authorities;
- other third parties. These include, among others, your immediate and indirect shareholders, business and contractual partners and advisors.
E. Contractual Relationship with us as business partner
As part of a contractual relationship with us in the context of cooperation as a service provider, supplier, and other business partners, we process, among other things, the following personal data:- your name and contact information (including name, address, telephone number, or email address);
- information about the company you work for, your position, or your title;
- identification and background information that you provide to us or that we collect from you in the context of establishing the contractual relationship;
- invoice and payment information;
- Information that you provide to us in the context of and for the purposes of providing services to us or that you create in the course of providing services to us, including order-related communication;
- personal data of third parties that are required for establishing the contractual relationship or providing services by you. This includes, among others, your direct and indirect shareholders, business and contractual partners as well as consultants, representatives of authorities in a regulatory procedure, as well as each of the employees and members of the aforementioned persons and entities;
- any other information related to you that you provide to us in connection with the contractual relationship.