Privacy Notice
Last updated: July 3, 2026
Introduction
This Privacy Notice explains how Metiva B.V. (“Metiva”, “we”, “us”) collects, uses, and protects personal data when you visit our website, book a call, or use the Metiva platform. We are committed to privacy by design and to the EU General Data Protection Regulation (GDPR) and the Dutch implementing law (AVG).
This notice covers personal data we handle as a controller (for example, website visitors and prospects). Where we process personal data on behalf of a customer within their Metiva workspace, we act as a processor under that customer's instructions and Data Processing Agreement; the customer's own privacy notice governs that data.
Who We Are
Metiva B.V. is the controller of the personal data described in this notice and is registered in the Netherlands. You can reach us about privacy at privacy@metiva.io. Our Chamber of Commerce (KVK) and VAT details are available on request.
Data We Collect
Information you give us
- Contact details (such as name, email, company, and phone) when you submit a form, book a demo or discovery call, or contact us;
- Content of your messages and any information you choose to share with us.
Information we collect automatically
- Usage data such as pages visited, time on page, scroll depth, and clicks;
- Device and browser information, and approximate location derived from a truncated IP address;
- Referral and campaign data (such as UTM parameters and click identifiers) to understand how you found us.
We do not intentionally collect special categories of personal data through our website, and we ask that you not submit them to us.
How We Use Data
- To provide, operate, secure, and improve our website and the Services;
- To respond to your enquiries and schedule demos or discovery calls;
- To measure and improve the performance of our website and marketing;
- To send updates or marketing where you have consented, with an easy way to opt out;
- To comply with legal obligations and to protect our rights and the security of our systems.
Legal Bases (GDPR Article 6)
We rely on the following legal bases to process personal data:
- Consent: for non-essential cookies, analytics, and marketing communications (you can withdraw consent at any time);
- Contract: to take steps at your request before entering into a contract and to provide the Services;
- Legitimate interests: to run, secure, and improve our website and business, balanced against your rights;
- Legal obligation: where processing is required to comply with the law.
Analytics & Attribution
Metiva uses first-party, privacy-first analytics to understand how visitors interact with our website and to attribute marketing accurately. Where we or our customers de-anonymise website traffic, we do so at the company or account level, not the individual level, for EU traffic. Person-level identification only happens where an individual has provided consent, for example by submitting a form.
IP addresses are truncated before storage, and analytics data is aggregated wherever possible. We do not sell personal data and do not use it for third-party behavioural advertising.
International Transfers
We aim to keep personal data within the European Economic Area (EEA). Where a provider processes data outside the EEA, we rely on an adequacy decision or appropriate safeguards such as the European Commission's Standard Contractual Clauses, together with supplementary measures where needed.
Data Retention
We keep personal data only for as long as necessary for the purposes described in this notice, to comply with legal obligations, or to resolve disputes. Enquiry and prospect data is kept for the period needed to follow up and for our legitimate business records; analytics data is kept in aggregated form. When data is no longer needed, we delete or anonymise it.
Security
We use technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls, and least-privilege practices. Passwords are stored only as salted hashes. For more detail, see our Security page. No system is perfectly secure, but we work continuously to protect your data and to respond to incidents.
Your Rights
Under the GDPR/AVG you have the right to:
- Access the personal data we hold about you and receive a copy;
- Rectify inaccurate or incomplete data;
- Erase your data in certain circumstances;
- Restrict or object to certain processing, including direct marketing;
- Data portability, where processing is based on consent or contract and is automated;
- Withdraw consent at any time, without affecting prior processing.
To exercise any right, email privacy@metiva.io. We will respond within the time limits required by law.
Children's Privacy
Our website and Services are intended for businesses and are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.
Changes to This Notice
We may update this Privacy Notice from time to time. We will post the updated version here and change the “last updated” date above; material changes may be communicated more directly. Please review it periodically.
Contact & Complaints
For any privacy question or request, contact privacy@metiva.io. If you are in the Netherlands or the EU and believe we have not handled your data properly, you also have the right to lodge a complaint with a supervisory authority: in the Netherlands, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).