1. Data Controller
Metrica Uno SL is the data controller responsible for your personal data.
- Company: Metrica Uno SL
- CIF: B98566852
- Address: Av. Ingeniero Jose Luis Prats, 41703 Dos Hermanas, Spain
- Contact: privacy@metrica.uno
2. Data We Collect
2.1 Data you provide
- Account information: Name, email address, password
- Organization information: Company name, industry, size
- Assessment data: AI system information, compliance responses, evidence documents
- Payment information: Billing details (collected and processed by Paddle)
- Contact information: Email address when you contact us
2.2 Data collected automatically
- Technical data: IP address, browser type, device information
- Usage data: Pages visited, features used, time spent
- Log data: Access times, error logs, referral source
3. How We Use Your Data
We process your data for the following purposes:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Providing our AI compliance assessment services | Contract performance |
| Processing subscriptions and payments | Contract performance |
| Sending service-related communications | Contract performance |
| Generating compliance reports | Contract performance |
| Responding to your inquiries | Legitimate interest |
| Improving our platform and services | Legitimate interest |
| Ensuring platform security | Legitimate interest |
| Complying with legal obligations | Legal obligation |
4. Payment Processing
Subscriptions are processed by Paddle (Paddle.com Market Limited), who acts as our Merchant of Record. Paddle collects and processes payment information according to their own privacy policy. We do not store your payment card details.
Paddle's privacy policy: https://www.paddle.com/legal/privacy
5. Data Sharing
We share your data only with:
- Paddle: Payment processing and subscription management
- Hosting providers: Cloud infrastructure (technical operation only)
- Analytics: Privacy-friendly analytics (no personal data shared)
We do NOT sell your personal data to third parties.
6. International Transfers
Your data may be transferred outside the EEA only where appropriate safeguards are in place (e.g., Standard Contractual Clauses, adequacy decisions). Our primary infrastructure is located within the European Union.
7. Data Retention
We retain your data for:
- Account data: Duration of account plus 30 days after deletion
- Assessment data: Duration of subscription plus 30 days
- Payment records: 6 years (Spanish tax law requirement)
- Contact inquiries: 2 years after last contact
- Technical logs: 90 days
8. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a portable format
- Object: Object to processing based on legitimate interests
- Withdraw consent: Where processing is based on consent
To exercise these rights, contact us at: privacy@metrica.uno
We will respond within 30 days.
9. Data Export
You can export your assessment data at any time from your account settings. Exported data is provided in standard formats (CSV, PDF) for portability.
10. Cookies
Our platform uses essential cookies for authentication and basic functionality. We do not use tracking or advertising cookies without your consent.
For analytics, we use privacy-friendly solutions that do not require cookie consent under GDPR.
11. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- HTTPS encryption for all data in transit
- Encryption at rest for sensitive data
- Secure payment processing via Paddle
- Role-based access controls
- Regular security assessments
- Employee training on data protection
12. Children's Privacy
Our services are intended for business use and not directed at children under 16. We do not knowingly collect data from children.
13. Complaints
If you believe we have violated your data protection rights, you may lodge a complaint with the Spanish Data Protection Authority (AEPD):
- Website: https://www.aepd.es
- Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
14. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by email or through our platform. Changes will be posted on this page with an updated revision date.
15. Contact
For privacy-related questions:
- Email: privacy@metrica.uno
- Address: Av. Ingeniero Jose Luis Prats, 41703 Dos Hermanas, Spain