1. GPDR - Initial Evaluation

  • Identification of all data, associated applications and storage
  • Determination of personal information that directly or indirectly identifies a subject
  • Determination of the supervisory authority and / or the processing of Identifiable Personal Information
  • Identification of business processes through the use of Identifiable Personal Information
  • Identification of persons who interact with Identifiable Personal Information

Identification of all data, associated applications and storage

The Metooo service, for its basic functioning, needs to acquire the following data from users:

  • First name
  • Surname
  • Email address

If the Metooo user sells tickets for a fee, and / or chooses to activate a paid PRO subscription, Metooo acquires additional data:

  • email address of the PayPal account and / or Stripe of the user, necessary for the user to sell their tickets and / or can subscribe to a paid subscription PRO
  • the user's billing profile (Name, Surname, Fiscal Code and / or VAT number) necessary to be able to sell the tickets and to receive a commercial invoice for the commissions paid to Metooo on the paid tickets and / or to receive commercial invoice from Metooo.

If Metooo user use the RSVP sending service to invite their contacts, Metooo acquires the contact details (Name, Surname, Email address) that are uploaded by the Metooo user on the Metooo platform.

If the Metooo user uses the personalized data acquisition service (administration of a questionnaire, form, etc ...) during the ticket sales checkout, the acquired data are stored by Metooo, which does not analyze the semantic data, but only performs the storage.

Data are acquired via desktop / mobile browser and / or app, and are stored in the Metooo database hosted on the Compose service.

Metooo can also acquire information on the geographical location of the user, by requesting consent to be provided on desktop / mobile and / or app browsers.

Determination of personal information that directly or indirectly identifies a subject

The data that can identify a subject are:

  • First name
  • Surname
  • Email address
  • Billing profile
  • PayPal and / or Stripe account

Determination of the supervisory authority and / or processing of identifiable personal information

Within Metooo, the supervisory authority and / or the processing of Identifiable Personal Information is assigned to the founder of Metooo who assumes the role of DPO.

The DPO has been designated according to the professional skills, and the ability to fulfill its tasks.

The DPO is promptly and adequately involved in all matters concerning the protection of personal data both by the data controller (the Metooo SRL company) and by the controller and the data subjects can contact the data protection officer for all matters relating to processing of their personal data and exercising their rights deriving from the GPDR.

The DPO enjoys wide autonomy and receives no instructions regarding the performance of its tasks.

Identification of business processes through the use of Identifiable Personal Information

Metooo internal business processes involving the use of Identifiable Personal Information are:

  • user registration
  • user login
  • ticket sales
  • sending invoices for fees on ticket sales
  • sending RSVP emails
  • sending service communications
  • sending content for storytelling
  • ticket checkin
  • refund of tickets
  • refund of fees

Identification of persons who interact with Identifiable Personal Information

Access to Identifiable Personal Information is allowed only to Metooo's technical staff, who accesses it only for purposes related to service maintenance and user support.

Access to non-technical personnel and to third parties outside the Metooo service is not permitted.


2. GPDR - Identification of compliance priorities

The data categories, business processes and their characteristics are managed in Metooo to ensure full compliance with the GDPR.

We have identified the following categories of data:

  • User name and surname
  • User email
  • User tax code
  • User VAT number
  • PayPal user account address
  • User Stripe account address
  • Name and surname of people invited by the user
  • Email address of people invited by the user
  • Messages sent and received by the user
  • Other data of varied nature collected by the user through questionnaires, interviews and collection forms and storytelling system used by the user through the Metooo service

Some of these categories are Identifiable Personal Information:

  • User name and surname
  • User email
  • User tax code
  • User VAT number
  • PayPal user account address
  • User Stripe account address
  • Name and surname of people invited by the user
  • Email address of people invited by the user

The others data, on the other hand, represent non-identifiable information, neither viewed for the execution of the service, unless there is an explicit request for support send by the user to our Customer Care department.

The business processes that affect the categories of information are:

  • new user registration
  • user login
  • ticket sales (free, paid, donation and merchandising)
  • sending RSVP invitations
  • sending communications to the participants
  • Participant checkin
  • storytelling
  • user support
  • sending technical communications to the user
  • sending service communications to the user
  • sending promotions to the user

The user who sign up on Metooo explicitly approves every point of this list of use, in a clear and conscious way.

The priority followed in updating the service was in fact that of providing a simple and safe understanding system for each of the listed operations, with the possibility of adhering only to some. Naturally, there are operations (eg acquisition of VAT number) that are necessary for the execution of the service (eg ticket sales).


3. GPDR - Evaluation of the Data Protection Impact (DPIA: Data Protection Impact Assessment)

We have complete an impact assessment on any process at risk of violating the privacy rights of the data subject. The purpose of the assessment was to allow us to mitigate the identified risks as much as possible.

The evaluation report described below concerns:

  • Description of control activities and / or processing of Identifiable Personal Information
  • Evaluation of the impact on the rights of data subjects
  • Measures taken to limit the impact

We have identified the critical activities from the moment in which the first data considered as identifiable Personal Information is acquired: the user's email address, and his first name and surname.

This information is acquired only at the time of voluntary signup of the user on Metooo.

We have reviewed the data acquisition process, providing the user with greater clarity on the way data is acquired, and on the use that such data will be made within the Metooo Service.

We have carried out an in-depth check-up of our services to ensure that during the data acquisition phase no third parties intervene that can "steal" the data provided by the user.

We use the HTTPS protocol on every page of the metooo.io site in order to make the transmission of information between users and the platform secure, both through desktop browsers and mobile browsers.

We do not store sensitive financial data, such as the number and expiry date of the user's credit card, within Metooo and the services included. For reasons of superior security, we do not provide an internal gateway for the management of financial transactions related to the sale, reimbursement and payment of ticket commissions. We use only clearly identifiable third-party services: PayPal and Stripe. The user is made aware of the possible use of third-party services in a comprehensive manner. The connection between Metooo and third-party services takes place in a secure manner. For further information, you can consult the Privacy Policy of third-party services.

The user of Metooo is therefore unharmed to the risks connected to the theft of financial data, because such data are not included among those acquired, processed and stored by Metooo.

With regard to the data collected by Metooo users, through the Metooo service, we have further improved the warning and protection systems we offer, both to our users and to our users’users.

In particular, we have improved the procedures for identifying spam actions carried out by our users, through the Metooo service, towards their contacts and / or users, providing both a clearer explanation of what is permitted and what is not allowed to do through the Metooo service, both by providing a signaling channel to which third parties can access to request checks on certain behaviors.


4. GPDR - Declaration of compliance

At the start date of the GPDR the Metooo service is to be considered compliant with the specific requests.

We have equipped ourselves with:

  • archive of the processing activities of Identifiable Personal Information;
  • archive of data breaches;
  • detailed assessment of high-risk processing activities;
  • contractual details between our organization and third-party providers who process and / or control data on our behalf.

The archive of the processing activities of Identifiable Personal Information is the database hosted by the Compose service (www.compose.io) which stores user data and access logs to such data. It is always possible to precisely identify changes and methods of use of this data.

The database of data breaches is a database, hosted on our server where all possible data breaches will be noted, despite our maximum and constant commitment to protecting them.

The detailed evaluation of high-risk processing activities is contained in a database, hosted on our server, which lists all the activities that are carried out in Metooo, with relative evaulation of user identification, and related evaulation of risk in the loss and / or improper use of data.


5. GDRP - Sharing Your Data

We share your name, email address and your ticket type with event organisers for the purpose of effective event management. Event organisers may contact you from time to time with news or important announcements regarding the event you have registered for.

We encourage all event organisers to include an opt-in question on their booking page if they plan to contact attendees. Get Invited is not responsible for enforcing that event organisers are GDPR compliant, nor are we responsible for any misuse of data on behalf of the event organiser.

If you suspect that an event organiser is abusing your personal data, please contact us and we will do what we can to help.

For the purpose of tracking and measuring analytics on your service, we share your IP address with the following companies:

  • Google Analytics
  • Hotjar
  • Facebook

We never share or sell any of your personal data with any third party services that are not directly related to the operation of our service.

From time to time, we may send you email newsletters containing important news and updates to our service. For this, we share your email address with our third party email marketing service: Sendgrid.

We have an SSL Certificate installed on our server to ensure all data sent between your computer and our server is encrypted. We encrypt your email address and password. Your username, first name and last name are unencrypted.

Get started

have an account? log in

Recover password

have an account? log in

Log in

password lost? recover

By signing up, you agree to Metooo's terms of service and privacy policy and consent to receive marketing communications from Metooo.

do not have an account? register

Metooo uses cookies. This information is used to improve service and understand your interests.
By using our services, you agree to the use of cookies. Click here to learn more.