GDPR Compliance

1. Our Commitment to GDPR

MetaCurate Ltd is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (EU GDPR). We take the protection of personal data seriously and have implemented robust processes to ensure your rights are upheld at all times.

2. Who We Are

MetaCurate Ltd acts as a Data Controller in respect of personal data collected through our website and as a Data Processor in respect of data processed on behalf of our clients through the Audience Intelligence platform. We are registered with the Information Commissioner's Office (ICO) in the United Kingdom.

3. Lawful Basis for Processing

Under the UK GDPR, we rely on the following lawful bases for processing personal data:

• Consent — where you have freely given, specific, informed, and unambiguous consent to processing
• Contract — where processing is necessary for the performance of a contract with you
• Legitimate Interests — where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights
• Legal Obligation — where processing is necessary to comply with a legal obligation

4. Your Rights Under GDPR

You have the following rights in relation to your personal data:

• Right of Access — you may request a copy of the personal data we hold about you
• Right to Rectification — you may request correction of inaccurate or incomplete data
• Right to Erasure ('Right to be Forgotten') — you may request deletion of your personal data in certain circumstances
• Right to Restrict Processing — you may request that we limit how we use your data
• Right to Data Portability — you may request your data in a structured, machine-readable format
• Right to Object — you may object to processing based on legitimate interests or for direct marketing purposes
• Rights related to Automated Decision-Making — you have rights in relation to any automated profiling or decision-making that produces legal or similarly significant effects

To exercise any of these rights, please contact our Data Protection contact at privacy@meta-curate.com. We will respond within 30 days.

5. Data We Process

As a programmatic advertising technology company, we process the following categories of data:

• Contact and professional information provided through our website and sales processes
• Technical and usage data relating to interactions with our platform
• Advertising-related data processed on behalf of clients, which may include pseudonymous audience segments and bid data
• Cookie and tracking data collected in accordance with our Cookie Policy

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. We have a data retention policy that sets out the specific periods for different categories of data. Data is securely deleted or anonymised once the retention period expires.

7. International Data Transfers

Where personal data is transferred outside the UK or the European Economic Area (EEA), we ensure that appropriate safeguards are in place. This may include the use of Standard Contractual Clauses (SCCs), adequacy decisions, or other transfer mechanisms recognised under UK GDPR and EU GDPR.

8. Data Security

We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures are regularly reviewed and updated to reflect best practice and evolving threats.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority (ICO in the UK) within 72 hours of becoming aware, in accordance with our obligations under UK GDPR. Where the breach is likely to result in a high risk to individuals, we will also notify affected individuals without undue delay.

10. Third-Party Processors

We use carefully selected third-party service providers who process data on our behalf. All third-party processors are subject to binding data processing agreements that require them to handle personal data in accordance with UK GDPR and maintain appropriate security measures.

11. Complaints

If you have concerns about how we handle your personal data, please contact us in the first instance at privacy@meta-curate.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

12. Contact

For any GDPR-related queries, please contact us at: