Privacy Policy

Privacy Policy
Effective December 7, 2023

Metamorfeus LLC and its global affiliates and subsidiaries (collectively, “Metamorfeus”) value your privacy. This Privacy Policy (“Policy”) describes how Metamorfeus collects, stores, uses, and discloses your Personal Data. This Policy is issued on behalf of Metamorfeus, so a reference to “we”, “us”, or “our” in this Policy is a reference to the relevant company in Metamorfeus that is responsible for processing your Personal Data.

Additional privacy information may be provided in offer descriptions, contractual terms, supplemental privacy statements or notices provided prior to or at the time of data collection. Certain Metamorfeus products and services may have additional specific privacy notices. In case of conflict, such specific privacy notices shall derogate from this general policy.

Please note that this Policy only governs Metamorfeus’s collection and processing of your Personal Data in the context of your direct interactions with Metamorfeus as an individual Data Subject and not as an employee or candidate of employment of Metamorfeus. Where you are the end-user of a Metamorfeus Product procured by your Organization, then your Organization’s own privacy policy is applicable to your use of that Product, and Metamorfeus will process your Personal Data in that context pursuant to the terms of the Data Processing Agreement in place between your Organization and Metamorfeus.

What Information Do We Collect About You and Why?
We may ask you to provide us with Personal Data about yourself in order to provide services to you. If you choose not to provide Personal Data that we have asked for, it may delay or prevent us from providing services to you. “Personal Data” means any information relating to an identified or identifiable individual (including “Personal Information” in the meaning of the California Consumer Privacy Act, “CCPA”, as defined in Subdivision (o) of the California Civil Code § 1798.140) We may collect the following different categories of Personal Data about you:

personal and business identifiers and contact information such as name, job title, company name, contact, shipping and billing information, phone number, email address, photographs, and contact preferences;

internet or other electronic network activity, i.e. technical data such as domain name, browser type and operating system, web pages you view; links you click; your device’s IP address; login data e.g. username, account number, password; the length of time you visit our Site and/or use our services; the URL or the webpage that led you to our Site; performance and usage data about your use of our products and services; data you provide to us to receive technical assistance or during customer service interactions; your personal or professional interests, demographics, experience with our products and contact preferences or completing any ‘free text’ boxes in our forms; and

commercial information, i.e. transactional data including credit card and payment data, transaction history.

Personal Data disclosed by you on message boards, chat features, blogs and other services or platforms to which you are able to post information and materials (including third-party services and platforms). We also may record our telephone or other communications with you, to the extent permitted by applicable law.

Personal Data may be required to determine access eligibility for certain restricted parts of our Site or services. Personal Data about you collected on-line may be combined with information provided off-line or collected from trusted third party sources.

Information We Collect Directly From You or a Third Party. We collect Personal Data about you when you visit our website (“Site”), register or subscribe for our services, order our products or services, create an account on our Site, request marketing or publications to be sent to you, give us feedback on our services or our Site, sign up for an event or webinar, have phone calls with sales representatives, or when you contact customer support.

We also may collect Personal Data about you from third party sources, such as someone authorized by you to act on your behalf, third party services that you use that utilize or interact with our services, or where Personal Data has been provided by you at an event. We may also collect your Personal Data from other sources as and when permitted by applicable laws, such as public databases, joint marketing partners, and social media platforms.

Information We Collect Automatically, including via Cookies and Similar Tracking Technologies. We may automatically collect information about your use of our Site, online properties or services through cookies, web beacons, and other technologies. We may combine this information with other information that we have collected about you such as your user name. Please see our Cookie Policy and Metamorfeus Cookie Policy for more information.

In connection with your organization’s deployment of certain Services, we may automatically collect information in relation to your use of the Services. See the Metamorfeus Products and Services Notice for information regarding the types of data collected and used in connection with our provision of the Services. If you are an end user of Metamorfeus Services and you require more information regarding our data collection practices for Services deployed by your organization, please contact your IT administrator.

How Do We Use Your Information?
We use the information collected about you as appropriate and relevant for the following commercial purposes:

to register you as a new customer;

to enable you to order products or services, download software updates („Services“);

to provide services to you, including programs, online services and customer support;

to allow you to make requests, and register for customized communications programs;

to customize the content and information that we may send or display to you to administer the careers portion of the Site and process your job application;

for marketing and promotional purposes;

to assist us in advertising our products and services on third party websites;

to use after conferences and events

to post testimonials on our online properties and subject to your consent to use your name and testimonial

to interact on Third-Party social networks (subject to that network’s terms of use)

to provide online communities and blogs

to facilitate the delivery of education and training

to protect our employees and facilities as necessary to post testimonials on our online Properties

Such information may include among others, your name, location and business contact information, information related to the products you are using, preferences you have selected while visiting our website, messages content and network identifiers related to contacting us or using our website.

We use the information collected about you as appropriate and relevant for the following business purposes:

to better understand how users access and use our Site, products, and services and for other research and analytical purposes, including data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving or modifying our Site, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities;

to manage our relationship with you which will include notifying you about changes to our terms or this Policy;

as we determine it to be necessary and appropriate, including:

under applicable law, including laws outside your country of residence;

to comply with legal process;

to enforce our terms and conditions;

to protect our operations or those of any of our affiliates;

to defend our legal claims; and

to protect our rights, privacy, safety, security, property, and/or that of our affiliates, you or others.

to facilitate the delivery of Services, including tracking entitlements, verifying compliance, controlling access to the Service, and maintaining the security and operational integrity of our IT infrastructure and our Services. See the Metamorfeus Products and Services Notice for details regarding the information We collect in connection with your use of the Services to provide quality control related to the properties and staff training

Such information may include among others, your name, location and business contact information, information related to the products you are using, preferences you have selected while visiting our website, messages content and network identifiers related to you contacting us or using our websites.

We will only process any special categories of Personal Data (“Sensitive Personal Data”) relating to you for specific purposes outlined above or in relevant supplemental notices, because either: 1. You have given us your explicit consent to process that information; or 2. The processing is necessary to carry out our obligations under employment, social security or social protection law; 3. The processing is necessary for the establishment, exercise or defense of legal claims; or 4. You have made the information public.

Biometric data
Metamorfeus does not collect, capture, possess, receive or process any biometric data such as retina or iris scans, fingerprints, voiceprints, or scans of hand or face geometry, and it expressly prohibits its customers from providing any such data to Metamorfeus.

Metamorfeus does provide certain multifactor authentication services to its customers, whereby a key pair with a public and a private key is created. The private key will remain on Customer’s device and the public key will be sent to Metamorfeus. If a Customer chooses to collect biometric data for authentication purposes from their end users, such biometric data will only be stored locally on Customer’s device, for use by Customer to access the private key created and retained on Customer’s physical device. Metamorfeus does not collect or have access to data that would be considered “biometric” and the public key does not derive or contain any biometric data. Metamorfeus only uses the public key to verify Customer end user’s identity. Customers may remove the public key through Metamorfeus’s self-service console or it will be deleted once the contract is terminated.

Legal Basis of Processing
In order to collect, use and otherwise process your Personal Data for the above listed commercial and business purposes, we may rely on the following legal bases as appropriate and relevant in the specific context:

Our legitimate interest in providing its websites and making the Services available to you, provided our interest is not outweighed by the risk of harm to your rights and freedoms.

Your consent, where we have obtained your consent to process your Personal Data for certain activities. You may withdraw your consent at any time by using the contextual preference tools available in the communications or in the user interfaces of the products and services we provide to you. Absent those, please contact us as explained below. However, please note that your withdrawal of consent will not affect the lawfulness of any use of your Personal Data by Metamorfeus based on your consent prior to withdrawal.

To fulfill any contractual obligations, such as where you have purchased a product or service from Metamorfeus. For example, we may require your contact details in order to deliver your order if you have purchased a product from us.

For compliance with Metamorfeus’s legal obligations where applicable laws require us to process your Personal Data.

If you have any questions or would like more information regarding the legal basis on which we collect your Personal Data, please review the supplemental privacy notice(s) of the products or services concerned, or contact us as explained below.

Processing Of Personal Data For The Purposes Of Fraud Prevention And Network and Information Security
On the basis of legitimate interest, we process Personal Data for fraud prevention and network and information security purposes. Pursuant to the EU General Data Protection Regulation (“GDPR”) and other applicable privacy legislation, organizations have a recognized legitimate interest in collecting and processing Personal Data to the extent strictly necessary and proportionate for the purposes of preventing fraud and ensuring network and information security. Network and information security means the ability of a network or of an information system to resist events, attacks or unlawful or malicious actions that could compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data, or the security of the related services offered by, or accessible via those networks and systems.

Both as an organization in our own right, and as a provider of payment security services and cybersecurity technologies and services, it is in our legitimate interests as well as in our customers’, to collect and process Personal Data to the extent strictly necessary and proportionate for the purposes of preventing “Fraudulent Payment Transactions” and ensuring the security of our own, and of our customers’ payment transactions and information networks and systems. This includes the development of payment transaction records and of threat intelligence resources aimed at maintaining and improving on an ongoing basis our ability to detect Fraudulent Payment Transactions, and the ability of networks and systems to resist unlawful or malicious actions and other harmful events affecting information networks and systems (“Cyber-Threats”).

The Personal Data we process for the prevention of Fraudulent Payment Transactions include, without limitation:

Information related to electronic means of payment and related entitlements;

Information related to electronic payment transactions;

Contextual signals and indicators of suspected fraud;

Verification information to confirm or dispel suspected fraud; and

Evidence of suspected, detected and/or confirmed fraud.

The Personal Data we process for network and information security purposes include, without limitation, network traffic data related to Cyber-Threats such as:

sender email addresses (e.g., of sources of SPAM);

recipient email addresses (e.g., of victims of targeted email cyberattacks);

reply-to email addresses (e.g., as configured by cybercriminals sending malicious email);

filenames and execution paths (e.g., of malicious or otherwise harmful executable files attached to emails);

URLs and associated page titles (e.g., of web pages broadcasting or hosting malicious or otherwise harmful contents); and/or

IP addresses (e.g., of web servers and connected devices involved in the generation, distribution, conveyance, hosting, caching or other storage of Cyber-Threats such as malicious or otherwise harmful contents).

Depending on the context in which such data is collected, it may contain Personal Data concerning you or any other data subjects. However, in such cases, we will process the data concerned only to the extent strictly necessary and proportionate to the purposes of detecting, blocking, reporting and mitigating the Fraudulent Payment Transaction or Cyber-Threat of concern to you, and to all organizations relying on our products and services to secure their payment transactions, and information networks and systems. When processing Personal Data in this context, we will only seek to identify data subjects:

to the extent that it is an inherent part to the services that our customers hire us to perform for them, and as such it is strictly indispensable to the prevention of the fraud and/or the remediation of the Cyber-Threat concerned, or

if and as required by law.

If you believe that your Personal Data was unduly collected or is unduly processed by Metamorfeus for such purposes, please refer to the “Your Rights” and “Contact Us” sections below. Please be aware that if it is determined that Personal Data concerning you is processed by Metamorfeus because it is critical for the prevention of Fraudulent Payment Transactions, or the detection, blocking or mitigation of Cyber-Threats, then in certain cases the legitimate interest to pursue such processing may be compelling enough to override access, objection, rectification or erasure requests related to the data concerned.

Automated Individual Decision-Making And Profiling
Where Metamorfeus processes payment transaction security or network traffic data for the purpose of fraud prevention, respectively network and information security, automated decisions concerning particular payment transactions or cyber events may occasionally be made. This could involve in particular assigning relative payment fraud risk, respectively cybersecurity risk scores to ongoing or recent payment transactions, information network activities or system behaviors. Such automatically-assigned risk scores may be leveraged by you, by Metamorfeus, by our partners and by other customers to detect, block and mitigate the detected Fraudulent Payment Transaction or Cyber-Threat. They could therefore result in said partners and customers blocking payment transactions they deem to be fraudulent, halting network traffic coming from or going to suspected or known malicious addresses. Such processing is not intended to produce any other effect than protecting you, Metamorfeus, our partners and our other customers from fraudulent payment transactions, respectively Cyber-Threats. Should you nevertheless consider that such automated processing is unduly affecting you in a significant way, please contact directly the relevant data controller whose use of our products and services is thus impacting you. In case that data controller is Metamorfeus, please refer to the “Your Privacy Rights” and “Contact Us” sections of this Policy to raise your concerns and to seek our help in finding a satisfactory solution.

Processing Of Pseudonymous Data To Improve the Performance of Metamorfeus Hardware
Certain mobile devices equipped with a Metamorfeus GPS chip occasionally require querying Metamorfeus’s geolocation assistance server. At the user’s request when launching a geolocation service on their device, the chip will transmit to Metamorfeus over TCP/IP the device’s then-current broad city-level location. In response, the server will designate to the chip the then-relevant satellites to connect to. This service reduces the time needed for the chip to achieve accurate GPS location from about 15 minutes to less than 1 minute. Metamorfeus does not manually access, inspect, disclose, retain, correlate or reuse any of the data associated with this service. The logs related to this service only contain the dynamic IP address from which the device connected to the service, and these logs are purged on a rolling 24-hour basis. Metamorfeus is not in a position to identify any individual end-user based on the information involved in this service.

To Whom Do We Disclose Your Information And Why?
Metamorfeus does not sell or share, within the meaning of the California Privacy Rights Act, your personal information. We only disclose your information as described in this Policy. Metamorfeus processes your information for the purposes described in this policy, which include the above-listed commercial and business purposes in the meaning of the CCPA (see the “How Do We Use Your Information?” section above). We may disclose Personal Data collected about you as follows:

Metamorfeus Users. Your user name and any information that you post to our Site, including, without limitation, reviews, comments, pictures and text will be available to, and searchable by, all users of the Site.

Affiliates or Subsidiaries. Data we collect from you may be disclosed to our affiliates or subsidiaries.

Unaffiliated Third Parties. Certain data about you may be disclosed to select resellers and/or distributors, particularly if you or your company have purchased through a third party before.

Service Providers. Data we collect from you may be disclosed to third party vendors, service providers, contractors or agents who perform functions on our behalf. We may disclose aggregate or de-identified information about users to third parties for marketing, advertising, research, or similar purposes.

Please be advised that personal data collected through and for the purposes of user-requested alerts and service notifications, including and not limited to short code text messages in the U.S. and Canada, will not be disclosed, shared, sold or rented to any affiliated or unaffiliated third parties for marketing purposes.

Business Transfers. Data we have collected from you may be transferred to another company as part of a merger or acquisition by that company.

Consent. We may disclose your personal information for any other purpose with your consent.

Legal Obligations and Rights. We may disclose your Personal Data to any legally entitled recipients: (i) in connection with the establishment, exercise or defense of legal claims; (ii) to comply with laws or to respond to lawful requests or legal process; (iii) for fraud or security monitoring purposes (e.g., to detect and prevent cyberattacks); (iv) to protect the rights of Metamorfeus or its employees; or (v) as otherwise permitted by applicable law.

If we disclose your Personal Data, to the extent reasonably practicable and permissible, we will require its recipients to comply with adequate privacy and confidentiality requirements, and security standards.

When you visit a Metamorfeus website, third party targeting cookies, if any, will only be present if that is in accordance with our Cookie Policy and Metamorfeus Cookie Policy, and in line with your cookie choices. If you do not wish Metamorfeus to sell or share your data in the meaning of the California Privacy Rights Act with such third parties, you may use the Do Not Sell or Share button available in the website’s cookie management tool at any time.

What About Links To Other Websites?
Our Site and services may contain links to third party websites for your convenience. Any access to and use of such linked websites will cause you to leave the Site. Third party websites, even if potentially serving content co-branded by Metamorfeus, are not governed by this Policy, but instead are governed by their own privacy statements/policies. We recommend that you check the privacy statements/policies of every third party website you visit before providing any Personal Data. We do not control those third party websites and are not responsible for their content or their privacy policies. Thus, we do not endorse or make any legal representations about them. If you decide to access any of the third party websites linked to our Site, you do so entirely at your own risk.

How Do We Secure Your Personal Data?
We have implemented administrative, technical, physical, electronic, and managerial procedures to safeguard and secure the information we collect from loss, misuse, unauthorized access, disclosure, alteration, and destruction and to help maintain data accuracy and ensure that your Personal Data is used appropriately. Metamorfeus has an internal Global Customer Privacy Program. Its charter is to ensure appropriate privacy processes are in place in order to meet the practices outlined herein. Where Personal Data is processed by service providers on behalf of Metamorfeus, we take steps to require those vendors to also comply with applicable data protection laws.

How Long Do We Retain Your Personal Data?
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Policy and/or in applicable supplemental notices, unless a longer retention period is required by law.

Your Rights
Depending on where you live, you may have the following rights described below with respect to your Personal Data. In particular, if you are a United States resident, the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (CDPA), the Colorado Privacy Act (CPA) the Utah Consumer Privacy Act (UCPA) or the Connecticut Data Privacy Act (CTDPA) may apply to your information, we provide some or all of these disclosures and tools described in this Policy so you can exercise your rights to receive information about our data practices, as well as to request access to and deletion of your information. To exercise your rights, you may:

make use of the self-serve tools available in the products or services you are using;

submit your privacy request via the Request Intake Form; or the Privacy Contact Form for requests related to Metamorfeus

contact your customer support representative.

It is our legal obligation to validate any request we receive before responding. The Request Intake Form linked above is specifically designed to ensure reliable and auditable request validation. Therefore we will not respond to requests that are not submitted and cannot be validated through this channel. If it is impossible for you to use any of the methods listed above, please contact the Privacy Office as indicated below to find a resolution.

Email and Marketing. In most instances, we give you options with regard to the Personal Data you provide, including choices with respect to marketing materials. You may manage your receipt of marketing and non-transactional communications by: (i) clicking on the “unsubscribe” link located at the bottom of marketing emails; or (ii) checking certain boxes on our preference center which can also be found on certain forms we use to collect Personal Data.

Access. You may request information regarding Personal Data that we collect and hold about you and the source(s) of that information. To access your Personal Data, return to the product, service or web page where you originally entered it and follow the instructions in your user interface or on that web page. If you cannot access your information in this way, please submit your request through the appropriate Request Intake Portal indicated above. If none of these options applies, please contact us as described in the “How Can You Contact Us?” section below.

Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages particularly of the Site for a limited period of time. If you request a change to or deletion of your Personal Data, please note that we may still need to retain certain information for record-keeping purposes, and/or to complete any transactions that you began prior to requesting such change or deletion (e.g., when you make a purchase, you may not be able to change or delete the Personal Data provided until after the completion of such purchase). Some of your information may also remain within our systems and other records where necessary for compliance with applicable law.

You can request a copy of any Personal Data we hold about you, and of which you don’t already have a copy. This service is usually free of charge, although we have the right to charge a ‘reasonable fee’ in some circumstances;

Rectification. You have the right to request that we rectify any inaccuracies in relation to the Personal Data we hold about you;

Erasure. In some circumstances, you have the right to request the erasure of your Personal Data or object to the further processing of your information;

Restriction of Processing. In some circumstances, you have the right to require us to restrict processing of your Personal Data;

Objection. You have the right to object to any direct marketing or to other processing of your Personal Data based on our or on third parties’ legitimate interests, unless such interests are compelling enough to override your objection;

Not to be discriminated against for exercising any of your other privacy rights. You may exercise any of your rights in this section without us discriminating against you in any way. Note however that you may be subject to differentiated treatment if and to the extent that the exercise of your rights materially impacts our ability to provide certain services to you (e.g. if you request the deletion of your account information or access credentials, then we may no longer be able to grant you access to restricted areas of our websites). Such differentiated treatment is objectively justified and does not constitute discrimination.

Withdraw Consent. You have the right to withdraw consent to us processing your Personal Data. This will not affect the processing already carried out with your consent;

Not to be subject to decisions based on automated processing. In some circumstances, you have the right not to be subject to decisions based solely on automated processing, and to obtain the human review of any such decisions that significantly affect you (please refer to the earlier section on automated decision making); and

Complain. You have the right to lodge a complaint with a supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach our supervisory authority so please contact us in the first instance.

Competent Supervisory Authorities. We are a business that operates various activities across a number of jurisdictions.

Data subjects located in Europe who wish to contact a regulator regarding Metamorfeus’s handling of their Personal Data should contact:

In the EU27/EEA: the data protection authority of their place of residence;

In the United Kingdom: the UK Information Commissioner’s Office (“ICO”);

In Switzerland: the Federal Data Protection and Information Commissioner (“FDPIC”).

Data subjects located outside of Europe should contact:

In the United States, if in

California, the Office of the Attorney General at the State of California’s Department of Justice;

Colorado, the Office of the Attorney General

Connecticut, the Office of the Attorney General

Virginia, the Office of the Attorney General

Utah, the Office of the Attorney General

In other locations around the world, their local data protection authority.

What Choices Do You Have Regarding Our Use Of Your Personal Data?
We will not use or disclose your Personal Data in ways unrelated to the ones described above without first notifying you and offering a choice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your Personal Data without your knowledge or consent where it is required, or to the extent it is permitted by law.

We will also provide you the opportunity to let us know if you wish to opt out at any time of certain or all contact from us, and we will do our utmost reasonably to honor such requests. This choice will be offered at the bottom of our on-line or off-line communications to you as well as on many of our web registration pages. If you have any difficulty exercising your choices, please contact us.

How Can You Contact Us?
You may exercise your access rights as described in the “Your Rights” section above, as well as by visiting our Data Subject Request Intake portals referenced above.

Californian Consumers may also submit their requests over the phone by calling the following toll-free number: +1 (888) 914-9661 and providing the following PIN: 904 474.

We have also appointed a Global Privacy Officer who is responsible for matters relating to privacy and data protection. If you have questions or concerns about this Policy, or the privacy practices relating to our Site or services or wish to contact our Global Privacy Officer, please contact us using the details below:

Company name: Metamorfeus Inc.
Email address: data.privacy (at) Metamorfeus.com or the Privacy Contact Form for requests related to Metamorfeus
Postal address: 3200 Hillview Ave., Palo Alto, CA 94304

EU residents may also lodge a complaint with the data protection authority in the EU member state where they live, work or where an alleged infringement of applicable data protection law occurred.

What About Children?
We do not knowingly collect Personal Data relating to children. If you believe that we may have collected Personal Data from someone under the age of thirteen (13), or under the applicable age of consent in your country, without parental consent, please let us know using the methods described in the Contact Us section and we will take appropriate measures to investigate and address the issue promptly.

What About Californian “Shine the Light” Privacy Rights?
California law, under California Civil Code Section 1798.83 (known as the “Shine the Light” law), permits our established customers who are California residents to request information regarding the manner in which we disclose certain categories of your Personal Data to third parties, for the third parties’ direct marketing purposes. California law provides that you have the right to submit a request to Metamorfeus at its designated address and receive the following information:

The categories of information Metamorfeus disclosed to third parties for the third parties’ direct marketing purposes during the preceding calendar year;

The names and addresses of third parties that received such information; and

If the nature of a third party’s business cannot be reasonably determined from the third party’s name, examples of the products or services marketed.

You are entitled to receive a copy of this information up to one request per calendar year in a standardized format and the information will not be specific to you individually. Metamorfeus’s designated email address for such requests is the one indicated in the contact details above. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. Please allow up to thirty (30) days for a response.

How Are Cross-Border Transfers of Data Performed?

Subject to your permission or as permitted by law, the Personal Data that you provide to us may be transferred within Metamorfeus across state or country borders. This may be done to consolidate data storage or to simplify the management of customer information. We have adopted globally recognized privacy principles and only collect and/or transmit your Personal Data to the extent it is necessary to conduct business and perform requested services. Metamorfeus and its service providers comply with applicable legal requirements providing for adequate protection of Personal Data transferred to countries outside of the country of collection or residence.

In certain cases, where Personal Data is transferred to countries that are not offering an adequate level of Personal Data protection in relation to the country of collection or residence, such transfers are covered by alternate appropriate technical, organizational and contractual safeguards, specifically the Standard Contractual Clauses (issued by the European Commission or the UK’s Information Commissioner’s Office). If applicable to you, you may obtain copies of such safeguards by contacting us. Where local legislation requires your consent to perform international data transfers, the Company will request your consent prior to the transfer.

A list of Metamorfeus and its Third Parties and the purpose for which they process data can be found at Metamorfeus’s Third Party List and on Metamorfeus’s Sub-processor List.

What About Changes To This Privacy Policy?
This Privacy Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site. If we make any changes to this Policy that materially affect our practices with regard to the Personal Data we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site, or by sending you an e-mail message to the e-mail address you have provided.

Product-specific privacy information:

Products & Services Transparency Notices (Metamorfeus) and Privacy Datasheets (Metamorfeus)

Compliance with China’s Privacy Information Protection Law (PIPL), where applicable

In addition to the provisions of this policy, where PIPL is applicable, requiring a separate consent for the processing and transfer of personal data, we will notify you separately and provide you with the details of the overseas recipient, the type of data disclosed and the purposes.

In the case of customers, partners and other contacts, to the extent that PIPL is applicable, Overseas Recipients may include the organizations listed in the third party list that can be found here or other ICT service providers functioning as Metamorfeus’s data processors.

Under PIPL in addition to the rights listed above you also have the:

Right to explanation is the right to require the Company to further explain the rules of processing of your Data to the extent that they are unclear or not addressed in this Privacy Notice.

Right to transfer the Data the Company holds about you to another personal information processor as long as it is compliant under PIPL.