Privacy Notice

Last updated: July 3, 2026

Introduction

This Privacy Notice explains how Metiva B.V. (“Metiva”, “we”, “us”) collects, uses, and protects personal data when you visit our website, book a call, or use the Metiva platform. We are committed to privacy by design and to the EU General Data Protection Regulation (GDPR) and the Dutch implementing law (AVG).

This notice covers personal data we handle as a controller (for example, website visitors and prospects). Where we process personal data on behalf of a customer within their Metiva workspace, we act as a processor under that customer's instructions and Data Processing Agreement; the customer's own privacy notice governs that data.

Who We Are

Metiva B.V. is the controller of the personal data described in this notice and is registered in the Netherlands. You can reach us about privacy at privacy@metiva.io. Our Chamber of Commerce (KVK) and VAT details are available on request.

Data We Collect

Information you give us

  • Contact details (such as name, email, company, and phone) when you submit a form, book a demo or discovery call, or contact us;
  • Content of your messages and any information you choose to share with us.

Information we collect automatically

  • Usage data such as pages visited, time on page, scroll depth, and clicks;
  • Device and browser information, and approximate location derived from a truncated IP address;
  • Referral and campaign data (such as UTM parameters and click identifiers) to understand how you found us.

We do not intentionally collect special categories of personal data through our website, and we ask that you not submit them to us.

How We Use Data

  • To provide, operate, secure, and improve our website and the Services;
  • To respond to your enquiries and schedule demos or discovery calls;
  • To measure and improve the performance of our website and marketing;
  • To send updates or marketing where you have consented, with an easy way to opt out;
  • To comply with legal obligations and to protect our rights and the security of our systems.

Cookies & Consent

We use strictly necessary cookies to make the website work, and (only with your consent) analytics and marketing cookies. When you first visit, our consent banner lets you accept or decline non-essential cookies, and you can change your choice at any time through the cookie preferences. We operate consent on a deny-by-default basis and honour Google Consent Mode signals.

Analytics & Attribution

Metiva uses first-party, privacy-first analytics to understand how visitors interact with our website and to attribute marketing accurately. Where we or our customers de-anonymise website traffic, we do so at the company or account level, not the individual level, for EU traffic. Person-level identification only happens where an individual has provided consent, for example by submitting a form.

IP addresses are truncated before storage, and analytics data is aggregated wherever possible. We do not sell personal data and do not use it for third-party behavioural advertising.

Sharing & Sub-processors

We share personal data only as needed to run our business and provide the Services, with:

  • Service providers (sub-processors) such as hosting, database, email, and analytics providers who process data on our behalf under contract;
  • Advertising and measurement platforms, only to the extent you have consented;
  • Professional advisers, and authorities where required by law;
  • A successor entity in connection with a merger, acquisition, or sale of assets, subject to this notice.

We require our sub-processors to protect personal data and to use it only for the purposes we specify. A current list of sub-processors is available on request.

International Transfers

We aim to keep personal data within the European Economic Area (EEA). Where a provider processes data outside the EEA, we rely on an adequacy decision or appropriate safeguards such as the European Commission's Standard Contractual Clauses, together with supplementary measures where needed.

Data Retention

We keep personal data only for as long as necessary for the purposes described in this notice, to comply with legal obligations, or to resolve disputes. Enquiry and prospect data is kept for the period needed to follow up and for our legitimate business records; analytics data is kept in aggregated form. When data is no longer needed, we delete or anonymise it.

Security

We use technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls, and least-privilege practices. Passwords are stored only as salted hashes. For more detail, see our Security page. No system is perfectly secure, but we work continuously to protect your data and to respond to incidents.

Your Rights

Under the GDPR/AVG you have the right to:

  • Access the personal data we hold about you and receive a copy;
  • Rectify inaccurate or incomplete data;
  • Erase your data in certain circumstances;
  • Restrict or object to certain processing, including direct marketing;
  • Data portability, where processing is based on consent or contract and is automated;
  • Withdraw consent at any time, without affecting prior processing.

To exercise any right, email privacy@metiva.io. We will respond within the time limits required by law.

Children's Privacy

Our website and Services are intended for businesses and are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

Changes to This Notice

We may update this Privacy Notice from time to time. We will post the updated version here and change the “last updated” date above; material changes may be communicated more directly. Please review it periodically.

Contact & Complaints

For any privacy question or request, contact privacy@metiva.io. If you are in the Netherlands or the EU and believe we have not handled your data properly, you also have the right to lodge a complaint with a supervisory authority: in the Netherlands, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).