Privacy Policy
Personal data protection policy of the MetaCase Website
The purpose of this personal data protection policy is to inform the user on how MetaCase processes personal data while using the MetaCase Website (“Website”) and to comply with the provisions of the legislation on protection of personal data, particularly, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, “GDPR”), regarding the information to be provided to the user, the data subject.
1. Identity and contact details of the Controller and Data Protection Officer
When using the Website, Metacase processes personal data as a Data Controller for its own purposes (as listed below).
- Name: Metacase – Soluções e Serviços Informáticos S.A. (“Metacase”)
- Head office: Rua Soeiro Pereira Gomes, Lote 1, 1649-031 Lisbon, Portugal
- Share Capital: EUR 200.000,00
- Legal Person Number: 506.743.888
- Data Protection Officer: DataProtectionOfficer@sibs.com
2. Purposes and legal basis of processing, personal data and retention periods
When using the Website, MetaCase collects personal data from the user (some of which is essential and mandatory and some of which is optional, otherwise some features will not work):
Purpose of processing | Legal Basis | Personal data | Retention Period |
|---|---|---|---|
Customer support | Performance of a contract (cf. Article 6(1)(b) GDPR) | Email address. | Retention for the period necessary to prove compliance with legal obligations. |
Sending commercial communications about news, offers or promotions of SIBS solutions. | Consent of the data subject (Article 6(1)(a) GDPR). | Email address, Name. | 5 years from the date on which the data subject withdraws their consent, to prove compliance with a legal obligation. |
Response to contact requests | Performance of a contract (pre-contractual measures at the request of the data subject) (see Article 6(1)(b) GDPR) | Email address, Name, Telephone contact. | Retention for the period necessary to prove compliance with legal obligations. |
Website security and resilience (preventing and combating fraud). | Legitimate interest in ensuring security and preventing fraud (Article 6(1)(f) GDPR). | Website settings, activity or traffic data, namely, completion of the flow of operations | email address | IP address | service status | geolocation | device ID | make and model of the user’s device | address | TIN | username | device name | Operating System of device. | 5 years (Article 118(1)(c) of the Portuguese Criminal Code). |
The user can withdraw consent at any time (without affecting the lawfulness of the processing conducted on the basis of the consent previously given).
MetaCase only stores personal data in order to allow the identification of data subjects for the period necessary or required for the fulfilment of the purposes indicated.
3. Data recipients
In order to comply with legal obligations MetaCase may have to share personal data with third parties, e.g. judicial or administrative authorities, as well as supervisory or regulatory bodies.
4. Service providers
MetaCase may use other SIBS Group companies, or third parties to provide certain services involving the processing of personal data on the Website, exclusively according to prior documented instructions given by MetaCase.
5. International data transfers
The personal data is processed within the territory of the European Union/European Economic Area (EU/EEA). From time to time, MetaCase may transfer personal data outside the EU/EEA in a secure and lawful manner, ensuring that the data is only transferred under the mechanisms permitted in Chapter V of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).
6. Data processing security
MetaCase has implemented the appropriate technical and organisational security measures to ensure the security of the personal data provided to it, in order to prevent its alteration, loss, processing and/or unauthorized access to it, taking into account the current state of the technology, the nature of the data processed and the risks to which they are exposed, and the user being aware that security measures are not impregnable.
7. Exercise of data subject rights
Under the applicable terms of the legislation on the protection of personal data, the user may exercise, free of charge and at any time, the rights of: access; rectification; erasure (“right to be forgotten”); restriction; portability; object; by a written request addressed to the MetaCase Data Protection Officer to the address indicated above, or to the following e-mail address: DataProtectionOfficer@sibs.com.
8. National supervisory authority
The user has the right to lodge a complaint regarding the protection of personal data to the Comissão Nacional de Proteção de Dados (CNPD), which is the national supervisory authority for the purposes of the GDPR and Law no. 58/2019, of August 8th, which transposes the GDPR into Portuguese law.
9. Third-party websites and social networks
The Website may contain advertising, hyperlinks or other content that redirects the user to partner or third-party websites and/or social networks.
MetaCase does not control the content of these websites and/or social networks and is therefore not responsible for it, or for the practices of said websites or social networks. MetaCase therefore recommends users to consult the personal data protection policy of these websites, or social networks, and their terms and conditions of use.
10. Updating the Personal Data Protection Policy
This personal data protection policy will be reviewed and updated periodically whenever necessary.