Home
Privacy policy
Privacy policy
Last update: 2024-06-11
1. Metapic Sweden AB (Metapic)
Metapic is fully committed to protecting your right to privacy, keeping you updated as to how and Purpose we may process data about you, and informing you of corresponding rights. Rights under privacy legislation such as the GDPR and ePrivacy legislation, in addition to our own values and commitments to you.
This Privacy Policy covers the processing of personal data on Metapic's domain, https://metapic.com.
You may contact our DPO/Privacy team at dpo@metapic.com and/or privacy@metapic.com for any questions, concerns, or requests related to your personal data and rights.
This Privacy Policy covers the processing of personal data on Metapic's domain, https://metapic.com.
You may contact our DPO/Privacy team at dpo@metapic.com and/or privacy@metapic.com for any questions, concerns, or requests related to your personal data and rights.
2. Transparency
The purpose of this Privacy Policy is to help you understand Purpose we might need information about you and what rights you have to personal data we process about you. We aim to provide relevant information and describe activities that impact you the most.
That said, you have the right to request detailed information on all processing about you (see contact details above and read about your rights below in section 7).
This Privacy Policy describes Purpose and how we process information about you as a:
- Website visitor,
- Advertiser
- Influencer/creator
3. Important concepts and definitions
Personal data, in this context, means any information that tells us something about you (what the GDPR calls a data subject). In other words, both information that identifies you (such as your name, personal e-mail-address, or phone number) and information that can be connected to such identifiers (for instance: what settings you prefer on our website). As long as we can reasonably connect information we process to a person, we consider it personal data and apply strict data privacy principles to keep it safe, and to make sure it is used only for specific, informed and lawful purposes.
Advertisers use Metapic’s services to advertise through Metapic’s Creator network.
Influencers/Creators are individuals or companies that are a part of our Creator Network. Creators market Metapic’s advertiser’s products or services on their own social media accounts.
Website visitors are individuals who visit websites belonging to us.
Advertisers use Metapic’s services to advertise through Metapic’s Creator network.
Influencers/Creators are individuals or companies that are a part of our Creator Network. Creators market Metapic’s advertiser’s products or services on their own social media accounts.
Website visitors are individuals who visit websites belonging to us.
4. Purpose, how, and for how long we might process personal data about you:
Visitors to metapic.com
Purpose: Run the website and provide requested functions.
How: Through cookie technology, storing and retrieving information from your device.
Personal data: None (device info not connected to a person).
How long: Limited to provide functionality, deleted afterward.
Lawful basis: Necessary cookies (cannot be turned off).Advertisers
Analyzing website use:
Purpose: Improve content and functionality.
How: Unique identifier cookies for measuring website use.
Personal data: No identification of individual users.
How long: Until consent is revoked or up to 730 days.
Lawful basis: Consent.
Creating more relevant ads:
Purpose: Deliver relevant ads on the Facebook network.
How: Facebook Pixel first-party cookie tracking visits.
Personal data: Depends on Facebook settings.
How long: Until consent is revoked or up to 90 days.
Lawful basis: Consent
Advertisers:
Administration and communication to advertisers
Purpose: To administer advertiser’s account and send important information to advertisers.
How: Through various contact channels.Personal data: Name, title, email, telephone number.
How long: Reviewed and deleted every 12 months after contract termination if not needed any more.
Lawful basis: Contractual relationship/agreement
Financial administration
Purpose: In order to handle invoicing and payments correctly.
How: The information is used for communication and used as reference for invoicing and payments.
Personal data: Name, title, email, telephone number
How long: Up to 5-10 years depending on your resident country’s bookkeeping laws.
Lawful basis: Contractual relationship/agreement
Financial administration
Purpose: In order to handle invoicing and payments correctly.
How: The information is used for communication and used as reference for invoicing and payments.
Personal data: Name, title, email, telephone number
How long: Up to 5-10 years depending on your resident country’s bookkeeping laws.
Lawful basis: Contractual relationship/agreement
Influencers/ Creators
Payment of commissions and book-keeping
Purpose: To fulfill the agreement with our creators and fulfil the legal obligation of bookkeeping and tax laws.
How: To process payments and make sure we calculate the correct commissions as well as report information to tax authorities and document the payments in our bookkeeping.
Personal data: Name, address, personal identification number, date of birth, bank account details and email address.
How long: We store information regarding creators in accordance with local bookkeeping and tax laws.
Lawful basis: Contractual relationship/agreement and legal obligation.
Account management
Purpose: All registered influencers/creators have an account in our portal where they can log in.
How: To administer their account.
Personal data: Name, address, email address, username, images incl videos
How long: Until the Influencer/creator remove their account.
Lawful basis: Contractual relationship/agreement
Purpose: Run the website and provide requested functions.
How: Through cookie technology, storing and retrieving information from your device.
Personal data: None (device info not connected to a person).
How long: Limited to provide functionality, deleted afterward.
Lawful basis: Necessary cookies (cannot be turned off).Advertisers
Analyzing website use:
Purpose: Improve content and functionality.
How: Unique identifier cookies for measuring website use.
Personal data: No identification of individual users.
How long: Until consent is revoked or up to 730 days.
Lawful basis: Consent.
Creating more relevant ads:
Purpose: Deliver relevant ads on the Facebook network.
How: Facebook Pixel first-party cookie tracking visits.
Personal data: Depends on Facebook settings.
How long: Until consent is revoked or up to 90 days.
Lawful basis: Consent
Advertisers:
Administration and communication to advertisers
Purpose: To administer advertiser’s account and send important information to advertisers.
How: Through various contact channels.Personal data: Name, title, email, telephone number.
How long: Reviewed and deleted every 12 months after contract termination if not needed any more.
Lawful basis: Contractual relationship/agreement
Financial administration
Purpose: In order to handle invoicing and payments correctly.
How: The information is used for communication and used as reference for invoicing and payments.
Personal data: Name, title, email, telephone number
How long: Up to 5-10 years depending on your resident country’s bookkeeping laws.
Lawful basis: Contractual relationship/agreement
Financial administration
Purpose: In order to handle invoicing and payments correctly.
How: The information is used for communication and used as reference for invoicing and payments.
Personal data: Name, title, email, telephone number
How long: Up to 5-10 years depending on your resident country’s bookkeeping laws.
Lawful basis: Contractual relationship/agreement
Influencers/ Creators
Payment of commissions and book-keeping
Purpose: To fulfill the agreement with our creators and fulfil the legal obligation of bookkeeping and tax laws.
How: To process payments and make sure we calculate the correct commissions as well as report information to tax authorities and document the payments in our bookkeeping.
Personal data: Name, address, personal identification number, date of birth, bank account details and email address.
How long: We store information regarding creators in accordance with local bookkeeping and tax laws.
Lawful basis: Contractual relationship/agreement and legal obligation.
Account management
Purpose: All registered influencers/creators have an account in our portal where they can log in.
How: To administer their account.
Personal data: Name, address, email address, username, images incl videos
How long: Until the Influencer/creator remove their account.
Lawful basis: Contractual relationship/agreement
5. Who does Metapic disclose your personal data to:
Your personal data may be transferred to, and processed by:
- Subprocessors and other data controllers
Subprocessors are companies that act only on our specific instructions, and which do not process or in any way use your personal data for their own purposes. We have signed a data processing agreement with all of our processors.
Categories of subprocessors:
- IT-hosting/Cloud hosting providers
- CRM system provider
- Email system provider
- Payment system providers/Banks
- ERP-provider
Other Controllers
- Tax Authorities, for compliance with local tax laws and regulations. Only for data subjects in Sweden and Norway.
Third country transfers
For any of the purposes described herein, personal data may be transferred to our processors, business partners and other controllers outside of the EU/EEA (‘a third country’). We have strict guidelines to check that those recipients, which are handling your personal data, are doing so in a lawful and secure way in accordance with the data protection legislation.
This means that we ensure that the transfer is only made to countries where the recipients have made sure that there is either an Adequacy Decision in place from the EU Commission, or that another approved transfer mechanism under the GDPR, including standard contractual clauses ((EU) 2021/914), have been put into place.
For example, the UK, which we transfer data to, holds an Adequacy Decision. Should any of the recipients reside in a country without adequate legal protection for personal data, we will make sure the recipient adopts appropriate safeguards and enter contractual arrangements with the recipient of the personal data.
You have a right to know when we transfer personal data to a third country and the appropriate safeguards relating to the transfer.
For any of the purposes described herein, personal data may be transferred to our processors, business partners and other controllers outside of the EU/EEA (‘a third country’). We have strict guidelines to check that those recipients, which are handling your personal data, are doing so in a lawful and secure way in accordance with the data protection legislation.
This means that we ensure that the transfer is only made to countries where the recipients have made sure that there is either an Adequacy Decision in place from the EU Commission, or that another approved transfer mechanism under the GDPR, including standard contractual clauses ((EU) 2021/914), have been put into place.
For example, the UK, which we transfer data to, holds an Adequacy Decision. Should any of the recipients reside in a country without adequate legal protection for personal data, we will make sure the recipient adopts appropriate safeguards and enter contractual arrangements with the recipient of the personal data.
You have a right to know when we transfer personal data to a third country and the appropriate safeguards relating to the transfer.
6. How Metapic protects your personal data:
We are dedicated to maintaining the security of personal data and preventing unauthorized access or loss of data through the implementation of appropriate technical and organizational measures, as far as it is reasonably possible. Such security measures also include that personal data are accessed only by a limited number of persons within Metapic.
Our employees must comply with our security standard and they are all bound by confidentiality clauses. GDPR and information security staff trainings are performed annually. When we occasionally use third-party contractors to perform tasks that might otherwise be performed by our employees, these contractors are contractually bound to similar restrictions as our employees.
We have signed data processor agreements (DPAs) with all our subprocessors, and we require the same level of technical and organisational measures from them as we have in Metapic, in order to safeguard your personal data.
Our employees must comply with our security standard and they are all bound by confidentiality clauses. GDPR and information security staff trainings are performed annually. When we occasionally use third-party contractors to perform tasks that might otherwise be performed by our employees, these contractors are contractually bound to similar restrictions as our employees.
We have signed data processor agreements (DPAs) with all our subprocessors, and we require the same level of technical and organisational measures from them as we have in Metapic, in order to safeguard your personal data.
7. Your privacy rights:
You have several privacy rights that you can exercise. The following is a summary of these rights. To exercise your rights please contact us by using the contact details below. Please not that all rights are not applicable for all processing of personal data, some are restricted to certain lawful basis (see each processing activity above for which lawful basis is applicable). One of your rights is the right to information which we do our best to meet by this Privacy Policy.
- We will rectify any incorrect information upon request.
- You can request us to erase your personal data. We will then assess which information we can erase, since some information might be necessary for us to keep. For example personal data processed based on your consent can be deleted, but not information we need to fulfil our commitment under the agreement with you or your employer.
- You also have the right to object to the processing of your personal data based on the lawful basis legitimate interest. If we process your personal data for direct marketing purposes, we will cease to do so directly. For other purposes we will assess whether we have compelling legitimate grounds for continued processing or not, in your particular case.You may request a copy of the personal data that we hold about you via a "Data Subject Access Request". A Data Subject Access Request will include a confirmation whether we process your personal data or not, and if that is the case you will receive a copy of what personal data we process about you, together with information on where such information has been collected, for which purpose the information is being processed, and information on any recipients of your personal data.
- You have the right to request that we restrict our processing of your personal data under the following circumstances:
- The accuracy of the personal data is under examination,
- The processing is unlawful or no longer necessary, but you oppose erasure of the data,
- We no longer need the personal data, but it is necessary for us to keep the personal data for you to be able to establish, exercise of defend a legal claim,
- You have objected to the processing of your personal data and such objection is under verification.
- If we process your personal data based on consent or contract and we have received the personal data from you, digitally, you have a right to request us to export that data, which is called data portability.
- You also have the right to lodge a complaint to the Data Protection Authority (Supervisory Authority) in the EU Member state you live, if you think that we have not respected your data privacy rights or processed your personal data wrongfully. Here you will find the contact details to the Supervisory Authorities in each EU member state.
- If you have any comments or questions about our processing, we would like you to contact us first, so that we have a chance to help you and answer your questions.
When you request to exercise your rights, we will first identify you in order to ensure that we give the correct information to you, and only you. How the identification process is performed depends on what personal data we process about you. We will then process your request without undue delay and at latest reply to your request within a month or explain to you if and Purpose it takes longer
Categories of subprocessors:
- IT-hosting/Cloud hosting providers
- CRM system provider
- Email system provider
- Payment system providers/Banks
- ERP-provider
Other Controllers
- Tax Authorities, for compliance with local tax laws and regulations. Only for data subjects in Sweden and Norway.
8. Contact details to us and Supervisory Authorities
For general inquiries and questions concerning this Privacy Policy or how we process personal data, please send an e-mail to one of to the following addresses:
Send an e-mail if you want to exercise one of your rights, such as:
- Request that Metapic rectify certain personal data held on you,
- Have a Data Subject Access Request (want a record of what specific data is processed about you),
- Want Metapic to delete your personal data where possible.
- Please provide relevant details including country you signed up with in your e-mail for us to be able to process your request or inquiry as promptly as possible.
If you have any comments or questions about our processing, we would like you to contact us first, so that we have a chance to help you and answer your questions. You always have the right to contact the Supervisory Authority if you feel we have processed your personal data wrongly. You will find the EU Supervisory Authorities Here.
9. What type of cookies does Metapic use?
The table below explain the cookies we use and Purpose we use them their purpose.
More information about the cookies can be found i our cookie notice, at www.metapic.com.
Cookie name
Description
Storage time
Type of cookie
i18n_redirected
Cookie used for browser language detection to redirect web visitor to preferred language.
1 year
Functional cookie
laravel_session
Laravel uses laravel_session to identify a session instance for a user.
2 years
Necessary cookie
_ga_*
Google Analytics sets this cookie to store and count page views.
2 years
Analytics cookie
_ga
Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
2 years
Necessary cookie
_fbp
Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website.
3 months
Marketing cookie
cookiehub
Store cookie consent preferences.
1 year
Functional cookie
_hstc
This cookie is associated with websites built on the HubSpot platform. This is the main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
180 days
Analytical cookie
hubspotutk
This cookie is associated with websites built on the HubSpot platform. This cookie is used to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
2 years
Analytical cookie
_hssrc
This cookie is associated with websites built on the HubSpot platform. This cookie is used to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
session
Analytical cookie
_hssc
This cookie is associated with websites built on the HubSpot platform. This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
1 hour
Analytical cookie