Your privacy ts important to us. No, seriously, it is important to us. This statement was written by the Founder & CEO of MetaCert. So it’s a promise from management, rather than a typical legal statement copied from another website.
The security environment for an extension in a web browser is different from that in a desktop or mobile app. MetaCert protects your data in ways that are unique to that environment to make sure it’s not susceptible to known browser-based attacks.
MetaCert runs in a sandboxed background page provided by the WebExtensions API, not in the untrusted web environment. Scripts running on web pages you visit have no way of interacting with the sandbox.
We collect some data from you, in order to provide you with our MetaCert products and Services, in addition to your use of our Website. You provide some data directly, such as when you create a MetaCert account, when you register for a MetaCert event or a webinar, or contact us for support. Such data is limited to your email address only. We get some limited data from your use of the MetaCert products and services. Such data includes your IP address, and the make and model of your device through which you access or use MetaCert products or services.
We use your personal data to provide you with services associated with the use of MetaCert account and to provide you with a rich customer experience through our customer support. In particular, we use your data to provide MetaCert services, which includes updating, securing and troubleshooting, and providing support.
The following is a more detailed description of MetaCert account user data: This data is treated securely with respect for customer privacy and data confidentiality, but there are important technical and usage differences.
We inevitably acquire Service Data about your usage of MetaCert, your account, and your payments through operating our services. We retain only enough Service Data to operate and maintain the services. These data are never used for any other purpose.
Service Data are kept confidential. It is visible to our staff and includes, but is not limited to, server logs, billing information, client IP addresses, company or family name, and email addresses. Service data includes the name and email address you provide us, as part of your account setup.
As long as you are using our services, we retain the right to hold and use Service Data to provide our services, troubleshoot problems, analyze the performance and demands on our services, and to provide our payment processors with the information they need to process payments.
We understand and accept our responsibility to protect Service Data and Secure Data. We use strict access control mechanisms, network isolation, and encryption to ensure that Secure and Service Data is only available to authorized personnel. Additionally, Secure Data cannot be decrypted even by those who do have access to it.
Administrative staff or employees of MetaCert may have access to your personal information for the purpose of performing services on behalf of MetaCert. All such agents or contractors who have access to your personal information have Data Processing and Confidentiality obligations to keep the information confidential and not use it for any other purpose than to carry out the services they are performing for MetaCert.
Information collected from you is only used to complete and support your purchases from MetaCert and use of the Site and to comply with any requirements of law. MetaCert may disclose personal information if required to do so by law or in the good faith belief that such action is necessary to: (1) conform to the edicts of the law or comply with legal process served on MetaCert or this Site; (2) protect and defend the rights or property of MetaCert; or (3) act in urgent circumstances to protect the personal safety of users of MetaCert, its web sites or the public. We may collect and possibly share your information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Our terms and conditions posted on Our Websites, or as otherwise required by law.
If MetaCert is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on Our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information. We may also disclose your personal information to any other third-party with your prior consent.
MetaCert data are held on servers located within the European Union. Data originating in the European Union remains within the European Union. Service Data access is restricted to members of our staff residing in either the EU or the US.
Our customer support and email services are hosted primarily in the United States. Any information you choose send us through email or our customer support system may pass through and be stored on a variety of intermediate services.
Your Secure and Service data are held by third-party data processors, who provide us with hosting and other infrastructure services. The locations of these are described above. In many cases (but we cannot promise that this will always be the case) even Service data held by these entities is encrypted with keys held only by us.
Data needed to process payments is collected by our payment processor, Stripe, Inc., which conforms to the U.S.-E.U. Privacy Shield Framework. See https://stripe.com/privacy-shield-policy
We may use your contact information, that is, the contact email address provided by you, to communicate with you about Service activity, provide support, and send you other information such as product updates and announcements. You may choose to stop receiving communications from us, except certain important notifications such as billing and account security alerts.
You have the right to know what we know about you and to see how that data is handled. You may request a screenshot of what we can see about you in our back office systems. However, to protect customer privacy, such requests must be carefully authenticated beyond demonstrating control of the customer’s email address.
As we are merely custodians of your data, account owners have the right to instruct us to remove data permanently from our systems. To ensure that no one’s data is deleted without their consent, you must first delete your account through an authenticated session. After your account has been deleted, the account owner may contact us and ask for the data to be expunged. Once the request is authenticated, the data will be removed from our active systems within 72 hours. Disaster recovery and data availability requirements mean that MetaCert has a legitimate interest in maintaining secure and immutable backups. Backups are kept for 35 days. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.
You can also make choices about collection and use of your data by MetaCert. You can control your personal data and exercise your data protection rights by contacting MetaCert at the address and information provided below. If you are an affiliate of an organization which provides you with the access to MetaCert account and services, there may be certain restrictions to the above, based on your affiliate organization’s privacy or other similar policies.
You may disable cookies in your browser and continue to use our services without impact. We do not use third-party trackers in our web browser extension.
Those under the age of 16 may not use the services without the consent or authorization of their parent or legal custodian. Family account organizers and team owners are responsible for that authorization when they add someone under the age of 16 to an account.
We will comply with applicable laws and the contracts with our customers to provide Service Data and encrypted Secure Data to law enforcement agencies. If permitted, we will notify you of such a request and whether or not we have complied. Your Secure Data remains encrypted with keys which we do not possess, and so we can only hand over Secure Data in encrypted form. Some Service Data is made available to family account organizers and team owners. In some limited circumstances we may provide some information to non-owner members of these accounts. Account owners will be informed in these circumstances.
In an event of a breach, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. We follow applicable requirements under the laws, that is, the US data privacy breach notification requirements and the requirements related to data breach notification under the GDPR.
When we offer MetaCert products and services to you through your organization, we continue to adhere to the privacy laws and the data protection requirements under the GDPR, in addition to any requirements under the contracts with your organization, to ensure that your data are located, and if applicable, appropriately transferred.
If you have any questions about this Policy, you can contact our support team at email@example.com
If you have concerns or complaints about this policy or practices with regard to that you do not feel you can resolve through contacting us, you should bring those concerns to your local regulatory authority.
For residents of the European Union, our primary Supervisory Authority is the Berlin Commissioner for Data Protection and Information Freedom.
Berliner Beauftragte für Datenschutz und Informationsfreiheit
10969 Berlin, Germany
Tel.: +49 30 13889-0
Fax: +49 30 2155050
Thanks for reading!