Metricool: Tool for managing accounts and advertising campaigns on social networks, with access to different features and/or services depending on the subscription plan hired and provided through the website https://metricool.com/ and/or the application of Metricool.
METRICOOL SOFTWARE: Metricool’s owner company and whose data is listed below.
Administrator: Professional or company (Community Managers, Social Media Managers, advertising or digital marketing agencies, etc.) that manages third-party accounts or their own accounts on social networks using Metricool.
Brand: Natural or legal person who hires the services of the Administrator for the management of their accounts on social networks through Metricool.
1. Information about the personal data controller
If you register as an Administrator of Metricool to manage social media accounts of the Brands, or if you provide us with your personal data directly in any other way, the person responsible for the processing of your personal data is the mercantile company METRICOOL SOFTWARE, SL, with registered office at c / Téllez, nº 12, Entreplanta H, 28007, Madrid- Spain, with NIF: B87527115 (VAT: ESB87527115), duly registered in the Madrid Mercantile Registry at Volume 34.491, Folio 123, Section 8, Page M-620.321. Hereinafter, METRICOOL SOFTWARE.
2. Processing of personal data through Metricool:
2.1. Data processing as Data Controller: METRICOOL SOFTWARE, as Data Controller, as it decides how and for what the data is processed, will process the following data:
2.1.1. On the occasion of your request to register in Metricool as Administrator:
a) If you register with your email: we will ask for your email and a password that will be stored encrypted, and that will be your access credentials to Metricool. In that case, we will send you an email to the address provided for you to verify it.
b) If you register through social logins: you can register using your account on the social network whose social login is active in Metricool for this purpose. In that case, the corresponding social network will provide us with your email, your profile picture, and your name with a Unique Identifier associated with your Administrator profile in Metricool.
To do this, you must log into that social network and accept the permissions that you grant Metricool through it, which will allow the Metricool application to access different features depending on the social network in question for the purpose. To provide the hired service to manage your accounts on social networks and the advertising campaigns you carry out.
Examples of such permissions are: managing ads, accessing ads and their statistics, managing your account, accessing your profile and the publications you make, managing comments, accessing direct messages, accessing statistics, creating and managing content, etc.
Permissions may vary depending on the social network with which you register through the corresponding social login.
To hire paid services, we will ask you for your name and last name and the data related to the means of payment used.
2.1.2. On the occasion of the information request: if you contact us to request information, we will ask for your name, email, and telephone number.
2.1.3. To leave a comment on the Metricool blog: if you want to leave a comment on our blog, we will ask for your name and email.
2.2. Data processing as Data Processor: If you have registered as an Administrator in Metricool to provide account management services and advertising on social networks to Brands, using our tool, METRICOOL SOFTWARE has, in accordance with the provisions of the regulations of data protection, the consideration of Data Processor, since you will be able to have access to personal data on behalf of the Brand that you manage as Administrator and following your instructions. In that case, you will be the data controller as you decide how and for what the data of the Brand that you manage is processed, hiring the services of Metricool.
When you register a Brand in Metricool, and you are associating social media accounts to said Brand, you must accept the permissions that each social network grants to METRICOOL SOFTWARE to provide the services under contract.
Once you accept the permissions requested by each social network, each of them will allow METRICOOL SOFTWARE to have access to the administration of the account in the corresponding social network, with access to the creation and administration of content and/or publications, comments, direct messages, and statistics, as well as the administration of advertisements and the statistical data of such advertisements, with the sole purpose of providing the service hired by you as Administrator: evolution metrics, planning on social networks, automatic performance reports and the possibility of creating advertising campaigns from the platform itself, among other features.
For this reason, Metricool’s contract conditions include the clauses relating to the relationship of the Administrator (Data Processor) with METRICOOL SOFTWARE as Data Controller, which are detailed below:
2.2.1. Purpose of the processing order: By hiring the services of Metricool, METRICOOL SOFTWARE is enabled to process on behalf of the Administrator, the personal data necessary to provide Metricool services, consisting of the management of social media and online advertising accounts of the Brands indicated by the Administrator.
The data processing will consist of the possibility of accessing the information related to the contacts of the Brand managed by the Administrator in the different social networks in which the Brand is registered using Metricool.
2.2.2. Identification of the affected information: For the execution of services, the Administrator makes available to METRICOOL SOFTWARE the information related to the personal data of the contacts in their social media accounts of the Brands managed by the Administrator, because of the use of Metricool.
2.2.3. Duration: Access to personal data that is the responsibility of the Administrator or the Brands managed by the same will occur as long as the hiring of Metricool services for that specific Brand is in force. At the end of the service, for any reason, Metricool must delete the personal data collected through Metricool.
2.2.4. Obligations of METRICOOL SOFTWARE as Data Processor: METRICOOL SOFTWARE and all its personnel are obliged to:
a. Use the personal data subject to process, or those collected by the Administrator through Metricool, solely and exclusively for the purpose of the hired service. In no case may they use the data for METRICOOL SOFTWARE’s own purposes.
b. Process the data in accordance with the instructions of the Administrator according to the features offered by Metricool.
If METRICOOL SOFTWARE considers that any of the instructions violate the General Data Protection Regulation (GDPR) or any other provision on data protection of the European Union or the Member States, it will immediately inform the Administrator.
c. Keep, in writing, a record of all categories of data process activities carried out on behalf of the Administrator, containing:
– The name and contact details of METRICOOL SOFTWARE and of each manager on whose behalf it acts.
– The categories of data processing carried out on behalf of each person in charge.
– Where appropriate, transfers of personal data to a third country or international organization, including the identification of said third country or international organization and, in the case of transfers indicated in article 49 section 1, second paragraph of the GDPR, the documentation of adequate warranties.
– A general description of technical and organizational security measures related to:
i) Pseudonymisation and encryption of personal data.
ii) The capacity to guarantee the permanent confidentiality, integrity, availability, and resilience of the processing systems and services.
iii) The ability to restore availability and access to personal data quickly, in the event of a physical or technical incident.
iv) The process of regular verification, evaluation, and assessment of the effectiveness of technical and organizational measures to guarantee the security of the data process.
d. Do not communicate the data to third parties unless you have the express authorization of the Administrator in the legally admissible cases.
METRICOOL SOFTWARE may communicate the data to other data processors of the same data controller, in accordance with the instructions of the Administrator. In this case, the Administrator will identify, in advance and in writing, the entity to which the data must be communicated, the data to be communicated, and the security measures to be applied to proceed with the communication.
Suppose METRICOOL SOFTWARE must transfer personal data to a third country or an international organization under applicable European Union or Member State law. In that case, it will inform the Administrator of this legal requirement in advance, unless such Law prohibits it for important reasons of public interest.
e. The Administrator expressly and generally authorizes METRICOOL SOFTWARE to subcontract to a third party (Sub Data Processor) the performance of any data processing entrusted to it by reason of the hired services. METRICOOL SOFTWARE, in case of resorting to a Sub Data Processor to carry out certain processing activities on behalf of the Administrator, will impose on him, by signing the corresponding data process order contract, the same obligations as those stipulated in this document, and in particular, the provision of sufficient guarantees of application of appropriate technical and organizational measures so that the data process is in accordance with the provisions of the GDPR. If the Sub Data Processor fails to comply with its data protection obligations, METRICOOL SOFTWARE will remain fully responsible to the Administrator of the data process concerning the fulfillment of the obligations of the Sub Data Processor.
f. Maintain the duty of secrecy regarding the personal data you have had access to under the service provision, even after its purpose ends.
g. Guarantee that the persons authorized to process personal data undertake, expressly and in writing, respect confidentiality and comply with the corresponding security measures, of which they must be duly informed.
h. Maintain available to the Administrator the documentation proving compliance with the obligation established in the previous section.
i. Guarantee the necessary training in protecting the personal data of the persons authorized to process personal data.
j. Assist the Administrator in response to the exercise of the rights of access, rectification, deletion and opposition, limitation of data process, data portability, not to be the subject of automated individualized decisions (including the elaboration of profiles), when the affected persons exercise such rights.
k. METRICOOL SOFTWARE will notify the Administrator, without undue delay, and in any case before the maximum period of 72 hours by email, of the breaches of the security of the personal data in its charge of which it has knowledge, together with all the information relevant for the documentation and communication of the incident.
Notification will not be necessary when it is unlikely that said breach of security constitutes a risk to the rights and freedoms of natural persons.
If it is available, at least the following information will be provided:
a) Description of the nature of the personal data security breach, including, when possible, the categories and the approximate number of affected interested parties, and the categories and the approximate number of affected personal data records.
b) The name and contact details of the data protection officer or other contact points where more information can be obtained.
c) Description of the possible consequences of the breach of the security of personal data.
d) Description of the measures adopted or proposed to remedy the breach of the security of personal data, including, if applicable, the measures adopted to mitigate the possible adverse effects.
If it is not possible to provide the information simultaneously, and to the extent that it is not, the information will be provided gradually without undue delay.
It is the responsibility of the Administrator to notify the data security breaches to the Data Protection Authority and the interested parties when it is probable that the breach poses a high risk to the rights and freedoms of natural persons.
l. Provide support to the Administrator in conducting prior consultations with the supervisory authority, when appropriate.
m. Make available to the Administrator all the information necessary to demonstrate compliance with their obligations and carry out the audits or inspections carried out by the Administrator or another auditor authorized by him.
n. In any case, METRICOOL SOFTWARE will implement mechanisms to:
a) Guarantee the confidentiality, integrity, availability, and permanent resilience of the data processing systems and services.
b) Restore the availability and access to personal data quickly, in the event of a physical or technical incident.
c) Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the security of the data process.
d) Pseudonymize and encrypt personal data, if applicable.
o. Once the service has been completed, cease accessing the data and, if applicable, return the Administrator the personal data and supports where they appear, with the total erasure of the existing data on the computer equipment used by METRICOOL SOFTWARE. However, METRICOOL SOFTWARE may keep a copy, with the data duly blocked, as long as responsibilities may arise from the execution of the service.
2.2.5. Obligations of the Administrator: corresponds to the Administrator:
- Make available to METRICOOL SOFTWARE the necessary data for the provision of the hired service.
- It is the responsibility of the Administrator to facilitate the right of information at the time of collecting the data of the Brands.
- Carry out, where appropriate, an evaluation of the impact on the protection of personal data of the processing operations to be carried out by METRICOOL SOFTWARE and prior consultations with the corresponding control authority.
- Ensure, previously and throughout the data process, compliance with the GDPR by METRICOOL SOFTWARE.
- Supervise the data process, including the performance of inspections and audits.
3. Purpose of the processing of personal data and legal basis of the process:
The purposes of processing your personal data are listed below as “Interested Party”, understood as a natural person who provides information to METRICOOL SOFTWARE as the Data Controller that identifies or makes you identifiable, as well as the legal basis that legitimizes the data process.
3.1. Administrator data in Metricool: We collect your data as Administrator in Metricool to enable the provision of the hired service and send notifications related to the service and manage the billing and payment of the service.
We may also process your personal data to send commercial communications about METRICOOL SOFTWARE services if you have not objected to it, both at the time of collecting your data and at any later time.
We remind you that you have the power to oppose the sending of commercial communications at any time.
The legal basis for the processing of your data for the provision of the service, billing management, payment, and sending of notifications about the service is the execution of a contract or pre-contract in which you are a party as an Interested Party.
The legal basis for sending commercial communications about METRICOOL SOFTWARE services, if you have hired any of our services, is the legitimate interest of METRICOOL SOFTWARE for direct marketing purposes.
3.2. Process of contact data: In case you request information through any of the means that Metricool makes available to you (chat, forms, etc.), identifying data such as your name, telephone, and/or email will be collected in order to meet your request, based on the legitimate interest of METRICOOL SOFTWARE.
We will send you commercial communications, as long as you have consented to said purpose in an informed, free, unequivocal, and specific manner on the legal basis of the provision of that consent, and through an explicit affirmative action, such as checking a checkbox.
3.3. Data processing when submitting a Metricool blog comment: if you want to leave a comment on any of the Metricool blog posts, we will collect your data (your name, email, and website) to moderate and publish your comments with your name. It is not mandatory to put your website. Under no circumstance will we publish your email in your comment.
The legal basis for such data processing is the legitimate interest of METRICOOL SOFTWARE to meet your request to publish your comment on the blog.
4. Data retention period
The personal data provided will be kept as long as there is a mutual interest to maintain the data process and during the period for which responsibilities may arise for the services provided to the Interested Party (6 years in terms of accounting books, invoices, etc., according to article 30 of the Commercial Code; 5 years to exercise personal actions without a particular term according to article 1964 Civil Code; 4 years for tax obligations according to articles 66 et seq. of the General Tax Law, etc.).
When it is no longer necessary for such purposes, they will be deleted with adequate security measures to guarantee the pseudonymization of the data or the total destruction of the same.
The recipient is understood to be the natural or legal person, public authority, service, or other body to which personal data is communicated, whether or not it is a third party.
Your data will not be communicated to any other third party outside of METRICOOL SOFTWARE unless there is a legal obligation or you have expressly authorized it.
Data processors: There are data processors, understood as entities that process personal data that are the responsibility of METRICOOL SOFTWARE, following their instructions, as service providers necessary for the provision of the service requested by the Interested Party, with whom METRICOOL SOFTWARE has signed a data process order contract, under the provisions of the applicable regulations on data protection.
6. International Transfers
International data transfers involve a flow of personal data from Spanish territory to recipients established in countries outside the European Economic Area (the countries of the European Union plus Liechtenstein, Iceland, and Norway).
METRICOOL SOFTWARE does not carry out international data transfers in the process.
You are empowered as an Interested Party to exercise the following rights that the data protection regulations recognize, in accordance with the provisions of the same:
– Right to revoke at any time the consent given for the process of said data, when the basis of legitimation of the data process is based on that consent.
– Right of ACCESS to personal data processed by METRICOOL SOFTWARE.
– Right to request the RECTIFICATION of the inaccurate data processed by METRICOOL SOFTWARE.
– Right to request the DELETE of the data when, among other reasons, the data is no longer necessary for the purposes that were collected by METRICOOL SOFTWARE.
– In certain circumstances, the LIMITATION OF THE DATA PROCESS may be requested, in which case METRICOOL SOFTWARE will only keep them for the exercise or defense of claims.
– In certain circumstances and for reasons related to your particular situation as an Interested Party, you may exercise the right of OPPOSITION to the data processing. In this case, METRICOOL SOFTWARE will stop processing the data, except for compelling legitimate reasons or the exercise or defense of possible claims.
– In certain circumstances and for reasons related to your particular situation as an Interested Party, you may request the right to PORTABILITY of the data. It is a complementary right to access since it allows obtaining the data provided to METRICOOL SOFTWARE in a structured, commonly used, and machine-readable format, being able to be transmitted directly to another entity upon request of the Interested Party.
You will be able to exercise such rights by any means that leave proof of its sending and receipt, clearly expressing your will in this regard and accompanying a copy of the ID and/or any other documentation proving your identity, by going to the email or postal address above.
In addition, if you consider any of your data protection rights violated, you are empowered to file a claim with the Spanish Data Protection Agency (AEPD), located at C / Jorge Juan, 6, 28001-Madrid https://www.aepd.es/ or through the electronic headquarters of the AEPD: https://sedeagpd.gob.es/sede-electronica-web/.
In order to safeguard the security of the personal data of the Interested Parties, it is reported that METRICOOL SOFTWARE has adopted all the technical and organizational measures necessary to guarantee the security of the personal data supplied.
All this to avoid its alteration, loss, and/or unauthorized process or access, as required by the regulations, although absolute security does not exist.
9. Updating of personal data
For the updated maintenance of the personal data of the Interested Party, he/she has the possibility of modifying or rectifying them through his/her user profile or by contacting METRICOOL SOFTWARE.
It is also reported that the data of the Interested Parties will be processed with the utmost care and confidentiality by all personnel involved in any of the data process phases.
At present, METRICOOL SOFTWARE in its app version does not use data storage and recovery devices on users’ devices that are not of a technical nature for the sole purpose of transmitting a communication over a network of electronic communications or, insofar as it is strictly necessary, for the provision of the Metricool service expressly requested by the interested party.
In the event that METRICOOL SOFTWARE is to use these data storage and retrieval devices in the future, clear and complete information will be provided about them, and the consent of the Interested Party will be obtained through the use of the appropriate parameters of the Metricool application.
12. Modification of these terms
Updated January 5, 2021