Data Privacy Policy for the platform metrikflow.com and app.metrikflow.com ("Platform")
I. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation (hereinafter "GDPR") and other national data protection laws of EU countries and other applicable data protection laws is:
MetricFlow UG
Legal representative: Alessandro Nora
Bremerstr. 59
10551 Berlin
support@metrikflow.com
II. General Information About Data Processing
1. Extent of Processing Personal Data
We collect and use the personal data of users only if and to the extent necessary to provide a functional platform and deliver our content and services. Personal data is collected and used based on prior user consent, except in cases where obtaining consent is impractical and processing is permitted by applicable law. The types of data we process include:
Contact Data (e.g., email addresses, telephone numbers)
User Data (e.g., visited pages, interest in content, access times)
Meta/Communication Data (e.g., device information, IP addresses)
Company Data (e.g., company name, industry, size, and operational details for ESG assessments)
2. Legal Basis for Processing Personal Data
Art. 6(1)(a) GDPR: Processing based on user consent.
Art. 6(1)(b) GDPR: Processing necessary for contractual obligations.
Art. 6(1)(c) GDPR: Processing required for legal compliance.
Art. 6(1)(f) GDPR: Processing based on legitimate interests, including improving our platform and ensuring security.
3. Data Erasure and Storage Duration
Personal data is erased or anonymized when no longer required for the purposes for which it was collected. Data may be retained to meet legal obligations, enforce contractual rights, or for anonymized statistical analysis.
III. Platform Access and Log Files
1. Data Collection Upon Access
When users access our platform, our system automatically collects certain data to ensure security, stability, and functionality. This includes:
Visited pages and resources accessed
Browser type and version
Operating system
IP address
Date and time of access
Referring website
This data is temporarily stored in log files and deleted within 30 days unless retention is required for security or legal reasons.
IV. User Accounts and Additional Services
1. Account Registration
When users create an account, we collect and process:
Name
Email address
Password
Company name
Company address
Industry and company size
Optional details: phone numbers, additional addresses
2. Service-Related Data Processing
To process transactions and provide services, we may collect:
Order history
Payment information (processed securely by third-party providers)
Customer service interactions
Processing is based on Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (service improvement).
3. Data Processing for Analytics and Market Insights
Metrikflow may process anonymized and aggregated customer data for:
Industry benchmarking and research
ESG trend analysis
Platform optimization and feature improvements
Statistical reporting
All anonymization ensures that no individual company or user can be identified. This processing is based on Art. 6(1)(f) GDPR (legitimate interest in improving services and providing industry insights).
V. Social Media and Third-Party Integrations
We maintain a presence on social networks (Facebook, LinkedIn, Instagram, Twitter) for communication and marketing purposes. Data processing on these platforms is subject to their respective privacy policies.
VI. Use of Cookies and Tracking Technologies
1. Essential and Functional Cookies
Used for platform functionality and security.
Based on Art. 6(1)(f) GDPR (legitimate interest).
2. Analytics and Marketing Cookies
Used for service improvement, personalization, and targeted advertising.
Require user consent under Art. 6(1)(a) GDPR.
Users can manage preferences via browser settings or cookie consent tools.
VII. Analytics, Processing, and Marketing Services
1. Google Analytics, Google Tag Manager, Google Ads
We use Google services for tracking and performance measurement, ensuring that IP addresses are anonymized when possible.
2. Hotjar
We use Hotjar for behavioral analytics and usability optimization. Users may opt out via Hotjar’s opt-out page.
3. Stripe (Payment Processing)
Stripe processes payment data on our behalf under Art. 6(1)(b) GDPR (contract execution).
VIII. User Rights Under GDPR
Users have the right to:
Access personal data and receive a copy (Art. 15 GDPR). Requests will be processed within one month unless extended under GDPR provisions.
Obtain rectification of inaccurate data (Art. 16 GDPR). Users can request corrections to any incorrect or incomplete personal data.
Obtain erasure of personal data where legally permissible (Art. 17 GDPR). This includes cases where data is no longer necessary or consent is withdrawn.
Restrict processing in certain cases (Art. 18 GDPR). Users can request restricted processing if data accuracy is contested or processing is unlawful.
Obtain data portability to another service provider (Art. 20 GDPR). Users may request to receive their data in a structured, machine-readable format.
Object to processing based on legitimate interests (Art. 21 GDPR). Users can object to data processing unless there are compelling legitimate grounds.
Withdraw consent at any time for consent-based processing (Art. 7(3) GDPR). Withdrawal does not affect prior lawful processing.
Automated Decision-Making and Profiling (Art. 22 GDPR). Users have the right not to be subject to automated decisions that significantly affect them unless legally required or explicitly consented to.
Be informed of data breaches (Art. 34 GDPR). In cases of high-risk data breaches affecting user rights, Metrikflow will notify affected users promptly.
Lodge a complaint with a supervisory authority (Art. 77 GDPR). Users can contact a data protection authority in their country of residence if they believe data processing violates GDPR.
Requests can be submitted via email to support@metrikflow.com.
IX. Changes to This Privacy Policy
We reserve the right to update this policy as needed. Changes will be communicated via email or platform notifications.

