Privacy Policy

Last updated: December 20, 2018

Your privacy is very important to us. Accordingly, Metamorfosec ("we", "our", "us") has developed this Privacy Policy ("Policy") for any persons that accessed www.metamorfosec.com ("our website"), whether as a visitor or a client ("you", "your"), in order to understand how we collect, use, communicate, disclose, and make use of Personal Data ("data") through our website.Data means any information relating to an identified or identifiable natural person as a Data Subject. Anything that not explicitly stated in this Policy s subject to interpretation at our sole and discretion.

I. Data Collected

If you visit our website or chat with us live , we may automatically collect information about you. For example: your IP address, how you interact with our website (e.g. title of the page being viewed, URL of the page being viewed, etc.), and other technical information (e.g. location of the user, main Language of the browser being used, time in local user’s timezone, etc.)

We may also collect information about you manually, either must be or might be provided by you explicitly through forms (Consulting Request Form, Client Satisfaction Survey Form, Copyright Permission Request Form, Data Rights Request Form), Invoice, E-Mail sender identity, E-Mail signature, or Postal Mail sender identity, by engaging our Live Consultancy Service, giving us bug bounty payments, or communicating us via e-mail or postal mail. You agree that we may collect, retain, and use certain data in connection with the services provided. You shall be responsible for ensuring the truthfulness and accuracy of any data granted to us. Information that we may collect in this case are, but not limited to, Full Name, E-mail Address, Company/Business Name, Company/Business Address, Job Role, Website Address, Application Name, Application Version, Application Download Link, and Related Diagram or Documentation.

We implement data minimisation to ensure that your data that we collect are limited to the data reasonably required in connection with the purposes set out in this Policy. To prevent provide too many data to us, please only provide data as we requested. For example, do not put additional data or just put as minimum as possible additional data, such as Job Role, Company/Business Name, and Website Address in your e-mail signature. However, it is up to you. You have rights as stated in Your Rights at Point VIII.

II. Data Use

Information that we collect only for communication purpose in order to our services can be delivered optimally and improve user experience when using our website.

III. Data Protection

No method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your data. We do our best to protect data that you provided to us by conducting quality by design for security and privacy aspects and creating an incident response plan. These will be checked periodically. You are welcome to contact us in case you feel there is a case where the data provided by you has not been handled properly by us. We will correct any violation of the Policy (if it has happened) once we get a notification from you as soon as possible. However, you are also responsible for the ensuring that any data that you send to us are sent securely.

IV. Data Storage and Retention

Your data are stored at our server located in United States. We choose United States because our target visitors and clients are in international basis. If we download the data, they will be stored at cloud-based storage also located in United States in a secure manner like we describe in Data Protection at Point III above. Furthermore, by using cloud-based storage, it will prevent for data loss if the worst scenario, i.e. our system has damaged, happens. We will not retain your data for longer than required. We will keep your data for as long as required by law, until we no longer have a valid reason for keeping it, or until you request us to stop using it. Please see also Your Rights at Point VIII.

V. Data Transfer Abroad

Currently, we still just a not-incorporated small business in Indonesia without any representative in different country. We may transfer your data to our server located in United States as we stated in Data Storage and Retention at Point IV above. Additionaly, because of we operate outside of the EU (European Union), for EU residents, EU companies, and EU organizations, if we do transfer your data outside the EU, it will be because you have consented or because we have a legal reason to do so.

VI. Third Party Disclosure

We will not sell, rent, lease your data to anyone, or otherwise abuse the private information you have trusted us with. We will also not share your information with any third party without your prior consent. Like many websites, we use a number of third-party services. The following is a list of selected third-party services we share data with your prior consent.

  • PayPal. PayPal is used to provide secure credit and debit card processing services. If you choose to pay by this method, then your card details, name, address, and e-mail will be transmitted to PayPal securely for the processing of payment and for fraud prevention. If you choose to store your card details, then this will be saved alongside your name, address, and e-mail on PayPal's servers. Please read PayPal's Privacy Policy for more information: https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
  • JivoChat. JivoChat provides our live chat service available on our website. If you engage Live Consultancy Service, the conversation during consultation will be recorded and archived on JivoChat's server. This archive may include data that you may have disclosed during the conversation. In the end of consultation, you will receive a chat transcript. Please read JivoChat's Privacy Policy for more information: https://www.jivochat.com/privacy/.

Your data may be also disclosed to a third party if we are required to do so because of an applicable law, court order or governmental regulation, or if such disclosure is otherwise necessary in support of any criminal or other legal investigation or proceeding here or abroad.

VII. Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The use of cookies is now standard for most websites. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Please see our Cookie Policy for more detail.

VIII. Your Rights

We will respect your legal rights to your data. To get your rights, simply contact us and we will send Data Rights Request Form to be filled out by you. We will respond to your request to exercise these rights within a reasonable time (and in all cases within 30 days of receiving a request). There are two entities that need to know, i.e. Data Controller and Data Processor. In a short, Data Controller determines the purposes and means of the processing of data and Data Processor processes data on behalf of the controller.

For Non-EU residents, Non-EU companies, and Non-EU organizations

If you are not located in the EU, you have certain rights as shown below.

  • The right to update data. You have the right to update some or all data that have provided to us.
  • The right to delete data. You have the right to delete some or all data that have provided to us.

For EU residents, EU companies, and EU organizations

If you are located in the EU, you have certain rights under European law called General Data Protection Regulation (GDPR) as shown below.

  • The right to be informed. We create this Policy to keep you informed as to what we do with your data. We strive to be transparent about how we use your data.
  • The right of access. You have the right to access your information. The right of access allows you to be aware of and verify the lawfulness of the processing.
  • The right to rectification. If the information we hold about you is inaccurate or not complete, you have the right to ask us to rectify it. If that data has been passed to a third party with your consent or for legal reasons, then we must also ask them to rectify the data.
  • The right to erasure. This is sometimes called "The right to be forgotten". You have the right to asks us to erase all your data. This right is not absolute and only applies in certain circumstances.
  • The right to restrict processing. You have the right to ask us to restrict how we process your data. This means we are permitted to store the data, but not further process it. This right is not absolute and only applies in certain circumstances.
  • The right to data portability. We must allow you to obtain and reuse your data in a machine-readable format for your own purposes across services in a safe and secure way without hindrance to usability. This right only applies to data that you have provided to us as the Data Controller.
  • The right to object. You have the right to object to data processing based on legitimate interested or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling), or data processing for purpose of scientific/historical research and statistics. In general, we do not process any data via “profiling” via our website. However, such profiling may happen by third party services through our website.
  • The rights related to automated decision making including profiling. This right protects you if we are carrying out solely automated decision-making that has legal or similarly significant effects on them. In general, we do not process any data via “profiling” or in form of automated decision making via our website. However, such profiling may happen by third party services through our website.

IX. Children’s Online Privacy Protection Act (COPPA)

The primary goal of COPPA is to protect children’s privacy online. COPPA puts parents in control over what information from their children. Our website is not intended for, and may not be permissibly used by, individuals under the age of 13. If it comes to our attention that we have collected data from such person, we may delete the data without notice. Additionally, if you are under 18 years of age, you are also not permitted to use our website and should not send any information about yourself to us through our website.

X. Changes

We reserve the right to amend this Policy at any time. To ensure this Policy remains effective and feasible, we shall from time to time review and make changes without prior notice. We suggest to check this page periodically. Your continued use of our website after amandement will constitute your acceptance of the current Policy.

XI. Questions and Comments

If you have any questions and comments about our Policy or practices, please contact us us via e-mail with the word "Privacy Policy" in the subject line.