For answers to common GDPR and privacy related questions, please see our FAQ document here.
Metorik (referred to as "we" throughout this policy) are committed to protecting and respecting your privacy and keeping personal information secure. This policy applies to our core Metorik reporting software, our segmentation tools, our email marketing service (“Metorik Engage”), and any associated websites. Those websites are metorik.com (and its subdomains). All of these websites are referred to as 'our website' in this policy.
In order to ensure confidentiality and lawful processing of its, Visitors, Customers and Campaign Users personal data, Metorik in its capacity of a data controller and of a processor, conducts its activities in strict compliance with the requirements set in the Australia Privacy Act 1988 and GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of this data.
This policy sets out:
- details of the personal information that we may collect from you;
- information about how we use your personal information;
- information about the limited way we share your information with our partners;
- information about how we store your information; and
- information about your rights.
Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.
Who is this policy addressed to?
For the purpose of data protection legislation (including the EU General Data Protection Regulation ('GDPR')), the data controller of your personal data is UJU Pty Ltd t/a Metorik (Australia - ABN 76 616 391 925).
When we refer in this policy to 'you', we are referring to a customer of our services, or a person visiting our website. We are not referring to your store's customers or the users our customers' stores. We refer to those people in this policy as 'Contacts'. We do not have any relationship with Contacts, and process information relating to them solely for the purposes of providing our service to our customers. When we refer to a 'marketing list' in this policy, we are referring to details of Contacts (including their email addresses) processed by us on your behalf to provide you with our Metorik service.
If you are a Contact and wish to cease receiving emails from one of our customers, please unsubscribe directly using the unsubscribe link in the customer's email message, or contact the customer directly.
If a Contact makes a direct request to be removed from the marketing list of one of our customers, we may do so on behalf of our customer, while providing notice to the customer of the Contact's request. We would only add them to your Metorik Engage unsubscribe list. They will still remain a contact/customer of your store. Our customer is the data controller in respect of Contacts' personal data, and Contacts should consult our customer's own Privacy Policy for details on the customer's data protection practices. We will never use and disclose the Contact email addresses to send our own informational and promotional content. We may conduct analysis on the events (such as bounces, unsubscribes, clicks, and opens) arising from emails sent using our service this will never be in relation to a specific Contact. It will always be on an aggregated and anonymised basis, which does not identify any individual Contact.
Information we may collect from you
We may collect and process the following data about you:
- Information that you provide to us. You may give us your information by filling in forms on our website or by corresponding with us by email, live chat, phone or otherwise. This includes information you provide when you register to use our service, respond to any surveys that we send to you to complete, and when you contact us for any reason. When you register for our service we will collect your username, email, password, and IP address. If you contact us, we may keep a record of any information contained in the correspondence.
- When you connect your store, after registering for our service, we will collect information about your store that we need in order to provide the Metorik service. This includes the name of your store, the website address, your store settings, and all of your store's orders, customers, subscriptions, products, categories, variations, and coupons (see 'Store data' below).
- With regard to each of your visits to our website, we will collect your IP address. This information is used for fraud and abuse detection. We also collect data from you for the purposes of retargeting – see the 'Retargeting' section below.
- Payment information: When using our paid service, you will be asked for financial details such as credit/debit card information. The processing of these payments is carried out by our payment processor, Stripe. We do not store any credit or debit card information on our servers. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. (This is the most stringent level of certification available). Their security assurances and Privacy Policy are available on their website.
How we use your personal information
We use information held about you for the following purposes:
- to provide you with information or services that you request from us, including responding to any requests for assistance with the service;
- to send you newsletters about our service and notify you about any changes to the service;
- to carry out our obligations arising from any contracts entered into between you and us;
- to administer our site and for internal operations, including troubleshooting;
- to help optimise and develop our service, for example through statistical analysis and research on your use of our service;
- as part of our efforts to keep our website safe and secure and to monitor actual or suspected fraudulent activity;
- and to carry out retargeting advertising (see “Retargeting” section below).
Retargeting
Our website uses retargeted advertising provided by Facebook and Google. As a result of this retargeting, you may see ads for our services on other sites such as Facebook.
This happens in one of two ways:
- Our retargeting provider will read a cookie that is already in your browser, or they will place an anonymous cookie or 'pixel' in your browser when you visit our site. This can only happen if your browser is set to let it happen – you can control your settings in your browser to stop this.
- We will use your email address to match Metorik ads to you when you browse other sites. This involves us sharing your email address with Facebook and Google. This form of retargeting is generally used to update you on new functionality added to the Metorik platform.
Similarly, we may also share your email with Facebook and Google to ensure that we don't present some Metorik ads to you, our existing customers.
Where we store your personal data
This is only in reference to your Metorik account profile data, not your store data. The account details and IP address that we collect from you are stored on our secure servers in the United States of America, by our hosting provider Linode. All the personal data we collect from you may be processed by our staff or those of our service providers:
- Linode (Servers)
- AWS (Servers)
- Stripe (Payment)
- GSuite (Google Apps)
- Help Scout (Email Support + Live Chat)
- ProfitWell (Reporting)
- Google Analytics (Reporting)
- Facebook Advertising
- Google Advertising
Such staff may be engaged in, among other things, the fulfilment of your services, and the provision of support services. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
Your store data
When you connect your store to Metorik, we collect all of your store's data from your eCommerce platform (WooCommerce or Shopify), including:
- Orders
- Customers
- Subscriptions
- Products
- Categories
- Variations
- Coupons
- Settings (currency, timezone, plugins used, etc.)
This data is stored in the United States of America on the secure servers of Linode. We don't, under any circumstances, sell or share your store data. If you use Metorik Engage and someone on your Metorik Engage marketing list complains or contacts us, only then will we respond to that person. Only you, and our authorised employees, have access to view your store data, and we will only do so when assisting you with a support query or fixing a problem with our service.
You may export (download) your store data from Metorik at any time, by exporting data through the Metorik app, or contacting us directly.
We will never use or disclose the information of your contacts to send our own informational and promotional content.
We may conduct analysis on your use of the service and the results generated by your Metorik Engage emails sent by means of the service. This analysis is conducted solely on an aggregated and anonymised basis.
Ownership: As Metorik is just a layer on top of the store's data, the data is owned by the respective store and owners of the store. If you are an agency connecting a client's store, the store order data still ultimately belongs to the business who owns and operates the store.
Cookies
Our website uses cookies to distinguish you from other users of our website. The majority of these cookies are required to provide our service, ensuring you remain logged in to Metorik and that we can personalise the service offered. Cookies (or 'pixels' which are similar tracking mechanisms) are also used for retargeting purposes (see the “Retargeting” section above).
Additionally, the Metorik Helper plugin that you install on your store when connecting it to Metorik will store cookies in your customers/contact's browsers. These cookies are used so information about the customer's 'source' and 'session activity on your site' can be stored in your store's order data. When your store's orders are collected by Metorik, we will use that data to generate reports about the source of customers, as well as allow you to segment customers by their source and session activity.
Security
All information you provide to us is stored on our secure servers. Any payment transactions will be carried out by Stripe over encrypted connections using SSL technology (see the “Payment Information” section above). Where we have given you (or where you have chosen) a password or API key which enables you to access certain parts of our site, or you have invited team members to access parts of our site, you are responsible for keeping this password or API key confidential.
We also offer and encourage the use of 2FA (“Two-Factor Authentication”) for your Metorik account, which can be configured from the Metorik Settings here.
We take security very seriously, and 'privacy by design' is baked into our engineering and product development principles but as with any online service, despite our use of leading security tools and techniques, the personal data we hold about you can never be 100% immune from unauthorised access.
Disclosure of your information
We may disclose your personal information to any company under the same ownership as us.
We may disclose your personal information to selected third parties, including:
- in the event that we sell or buy any business or assets, the prospective seller or buyer of such business or asset;
- if Metorik or substantially all of its assets are acquired by a third party, to the relevant third party;
- business parties and subcontractors for the purposes of providing the Metorik services (please see our list of providers above); and
- analytics providers that assist us in the improvement and optimisation of our website; and
- law enforcement agencies or regulatory bodies; or other third parties for fraud detection and prevention. We will only do this is if we are legally required to do so.
Integrations with third parties
Metorik can be integrated with a number of different services through your Metorik store settings. If you do so, the third party may as a result receive your customer data, but only through your actions. For example, when you use the Zendesk app and view Metorik customer data within the Zendesk app interface. Information collected by these third parties is subject to their own terms and privacy policies.
Retention of your Personal Information
The periods for which we keep your information depend on why your information was collected and what we use it for. We will not keep your personal information for longer than necessary for our business purposes or for legal requirements.
Your store's data will be deleted automatically within 3 months of you ceasing to use our services (no active trial and no active subscription). Your personal user account will only be deleted if you request us to delete it or do not login for 5 years.
Legal basis for processing
We are required to state the legal basis on which we undertake processing of your personal information. We will only use your information where:
- We have your consent to do so; or
- We need to process the personal information to perform services for you under our terms and conditions of service.
- We have a legitimate interest in engaging in the provision of our Metorik service and in offering products and services of value to you.
Any consent you provide may be withdrawn at any time by emailing us.
Your rights
You have the right to request access to personal data that we may process about you.
You have the right to require us to correct any inaccuracies in your data, free of charge. If you wish to exercise this right, you should:
- put your request in an email to us;
- provide us with enough information to identify you (e.g. username or email address); and
- verify that you are the party that you're requesting the data of; and
- specify the information that is incorrect and what it should be replaced with.
You can access, correct, update or request deletion of your personal information at any time, either through your online account or by contacting us.
Deletion of data will be carried out on the understanding that removal of some information (e.g. email address) during an active membership term may negatively affect your ability to use the Metorik service.
We cannot delete any invoices, as these are kept for tax purposes.
You can request that we restrict processing of your personal information, object to processing of your information or request portability of your personal information. For these requests please contact us. We will comply with your request where your rights have been exercised in accordance with applicable laws.
If we have collected and processed your personal information with your consent, then you can withdraw that consent at any time. To be clear, we may still continue to process your data if we have a different legal basis for doing so (for example, if we are required by law to do so, or we need to do so for the purposes of fulfilling our obligations to you under our terms and conditions of service).
You also have the right to ask us to stop processing your personal data for direct marketing purposes. You can do this through your Metorik dashboard or via email. If you wish to exercise this right via email, you should:
- put your request in writing (an email with a header that says 'Unsubscribe' is acceptable);
- provide us with enough information to identify you (e.g email address); and
- verify that you are the party that you're requesting the data of; and
- if your objection is not to direct marketing in general, but to direct marketing by a particular channel (e.g., email or telephone), please specify the channel you are objecting to.
Changes to privacy policy
We keep our privacy policy under regular review. If we change our privacy policy we will post the changes on this page, notify you, and place notices on other areas of the site, so that you may be aware of the information we collect and how we use it at all times.
Complaints
If you have any questions or comments regarding our use of your data, please contact us by email. If you make a complaint to us and think we have not dealt with it to your satisfaction, you may send your complaint to the Information Commissioner for investigation. For more information on the Information Commissioner, and how to make a complaint, please visit their website.
Metorik's Data Protection Officer
Metorik has a Data Protection Officer who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached here:
Attn: Data Protection Officer
help@metorik.com
Your acceptance of these terms
By using this Site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
Our contact details
We welcome your feedback and questions. If you wish to contact us, please send an email to help@metorik.com.