Identification of all data, associated applications and storage
The Metooo service, for its basic functioning, needs to acquire the following data from users:
If the Metooo user sells tickets for a fee, and / or chooses to activate a paid PRO subscription, Metooo acquires additional data:
If the Metooo user uses the RSVP sending service to invite their contacts, Metooo acquires the contact details (Name, Surname, Email address) that the Metooo user uploads to the Metooo platform.
If the Metooo user uses the personalized data acquisition service (administration of a questionnaire, form, etc.) during the ticket sales checkout, the acquired data are stored by Metooo, which does not analyze the semantic data, but only performs the storage.
Data are acquired via desktop / mobile browser and / or app, and are stored in the Metooo database hosted on the Compose service.
Metooo can also acquire information on the geographical location of the user, by requesting consent to be provided on desktop / mobile and / or app browsers.
Determination of personal information that directly or indirectly identifies a subject
The data that can identify a subject are:
Determination of the supervisory authority and / or processing of identifiable personal information
Within Metooo, the supervisory authority and / or the processing of Identifiable Personal Information is assigned to the founder of Metooo who assumes the role of DPO.
The DPO has been designated on the basis of professional skills and the ability to fulfill its tasks.
The DPO is promptly and adequately involved in all matters concerning the protection of personal data both by the data controller (the Metooo SRL company) and by the controller. Data subjects can contact the data protection officer for all matters relating to the processing of their personal data and the exercise of their rights deriving from the GDPR.
The DPO enjoys wide autonomy and receives no instructions regarding the performance of its tasks.
Identification of business processes through the use of Identifiable Personal Information
Metooo internal business processes involving the use of Identifiable Personal Information are:
Identification of persons who interact with Identifiable Personal Information
Access to Identifiable Personal Information is allowed only to Metooo's technical staff, who accesses it only for purposes related to service maintenance and user support.
Access to non-technical personnel and to third parties outside the Metooo service is not permitted.
The data categories, business processes and their characteristics are managed in Metooo to ensure full compliance with the GDPR.
We have identified the following categories of data:
Some of these categories are Identifiable Personal Information:
The other data, on the other hand, are non-identifiable information and are not viewed for the execution of the service, unless there is an explicit request for support sent by the user to our Customer Care department.
The business processes that affect the categories of information are:
The user who signs up on Metooo explicitly approves every point of this list of uses, in a clear and conscious way.
The priority in updating the service was to provide a simple and safe way of understanding each of the listed operations, with the possibility of adhering only to some. Naturally, there are operations (e.g. acquisition of the VAT number) that are necessary for the execution of the service (e.g. ticket sales).
We have completed an impact assessment on any process at risk of violating the privacy rights of the data subject. The purpose of the assessment was to allow us to mitigate the identified risks as much as possible.
The evaluation report described below concerns:
We have identified the critical activities from the moment in which the first data considered as identifiable Personal Information is acquired: the user's email address, and his first name and surname.
This information is acquired only at the time of voluntary signup of the user on Metooo.
We have reviewed the data acquisition process, providing the user with greater clarity on the way data is acquired, and on the use that will be made of such data within the Metooo Service.
We have carried out an in-depth check-up of our services to ensure that during the data acquisition phase no third parties intervene that can "steal" the data provided by the user.
We use the HTTPS protocol on every page of the metooo.io site in order to make the transmission of information between users and the platform secure, both through desktop browsers and mobile browsers.
The user of Metooo is therefore not exposed to the risks connected to the theft of financial data, because such data are not included among those acquired, processed and stored by Metooo.
With regard to the data collected by Metooo users, through the Metooo service, we have further improved the warning and protection systems we offer, both to our users and to our users' users.
In particular, we have improved the procedures for identifying spam actions carried out by our users, through the Metooo service, towards their contacts and / or users, both by providing a clearer explanation of what is and is not permitted through the Metooo service, and by providing a reporting channel that third parties can use to request checks on certain behaviors.
At the start date of the GDPR the Metooo service is to be considered compliant with the specific requests.
We have equipped ourselves with:
The archive of the processing activities of Identifiable Personal Information is the database hosted by the Compose service (www.compose.io) which stores user data and access logs to such data. It is always possible to precisely identify changes and methods of use of this data.
The database of data breaches is a database, hosted on our server, where all possible data breaches will be noted, despite our maximum and constant commitment to protecting them.
The detailed evaluation of high-risk processing activities is contained in a database, hosted on our server, which lists all the activities that are carried out in Metooo, with the relative evaluation of user identification, and the related evaluation of risk in the loss and / or improper use of data.
We share your name, email address and your ticket type with event organisers for the purpose of effective event management. Event organisers may contact you from time to time with news or important announcements regarding the event you have registered for.
We encourage all event organisers to include an opt-in question on their booking page if they plan to contact attendees. Get Invited is not responsible for enforcing that event organisers are GDPR compliant, nor are we responsible for any misuse of data on behalf of the event organiser.
If you suspect that an event organiser is abusing your personal data, please contact us and we will do what we can to help.
For the purpose of tracking and measuring analytics on your service, we share your IP address with the following companies:
We never share or sell any of your personal data with any third party services that are not directly related to the operation of our service.
From time to time, we may send you email newsletters containing important news and updates to our service. For this, we share your email address with our third party email marketing service: Sendgrid.
We have an SSL Certificate installed on our server to ensure all data sent between your computer and our server is encrypted. We encrypt your email address and password. Your username, first name and last name are unencrypted.