Privacy Policy

1. Data Controllers

This Privacy Policy applies to the website located at www.metaqor.com (the "Site"), operated by:

For visitors located in the European Economic Area (EEA), United Kingdom, or Switzerland, MetaQor BV acts as the primary data controller and is responsible for compliance with the General Data Protection Regulation (GDPR) and applicable national implementing legislation.

2. Scope of This Policy

This policy covers personal data processed in connection with your use of the Site. It does not cover:

• Data processed in the context of employment, contractor, or partnership relationships with MetaQor
• Data submitted through direct email correspondence (governed by applicable contract terms)
• Data processed by third-party websites that may be linked from the Site

3. Data We Collect

3.1 Data Collected Automatically (Analytics)

When you visit the Site, our analytics providers automatically collect certain technical information, including:

• Truncated or anonymised IP address
• Browser type and version
• Operating system
• Referring URL
• Pages viewed, time on page, and scroll depth
• Country and city of origin (derived from IP; not linked to identity)
• Device type (desktop, mobile, tablet)
• Session duration and interaction events

We configure our analytics tools to anonymise IP addresses prior to storage. This data is collected only after you have provided consent via our cookie banner (where required by applicable law).

3.2 Data You Provide Voluntarily

The Site does not currently include contact forms or user registration. If you send us an email directly, we will process your email address and the contents of your message solely to respond to your inquiry.

3.3 Data We Do Not Collect

We do not collect, and have no interest in collecting: names, postal addresses, financial information, health information, government identification numbers, or any special-category data as defined under GDPR Article 9.

4. Legal Basis for Processing (GDPR)

For visitors in the EEA, UK, or Switzerland, our processing of personal data rests on the following legal bases:

• Consent (Article 6(1)(a)): Analytics and performance cookies are placed only where you have given freely-given, specific, informed, and unambiguous consent via our cookie consent tool. You may withdraw consent at any time.
• Legitimate Interests (Article 6(1)(f)): We may process minimal technical data (e.g., server logs retained briefly for security purposes) on the basis of our legitimate interest in maintaining the security and availability of the Site, where those interests are not overridden by your fundamental rights.

5. How We Use Data

We use the information collected for the following purposes only:

• To understand aggregate patterns in how the Site is used (e.g., which sections attract the most attention from scientific, investor, or industry audiences)
• To improve the content, structure, and performance of the Site
• To detect and respond to security incidents or abuse
• To comply with legal obligations

We do not use your data for automated decision-making, profiling, behavioural advertising, or sale to third parties.

6. Cookies and Tracking Technologies

The Site uses the following categories of cookies:

Strictly Necessary

Cookies required for the Site to function (e.g., security and load-balancing cookies set by our hosting provider). These do not require consent.

Analytics & Performance (Consent Required)

We use Google Analytics 4 and Microsoft Clarity to collect anonymised usage data. These cookies are set only after you provide explicit consent. You may withdraw consent at any time by clicking the "Cookie Preferences" link in the site footer and changing your selection.

Google Analytics operates under a Data Processing Agreement with MetaQor. IP anonymisation is enabled. Data is stored on Google's servers, subject to the safeguards described in Section 8 (International Transfers).

Microsoft Clarity may generate session recordings and heatmaps of aggregate visitor behaviour. Data is anonymised and not linked to individual identity. Clarity operates under Microsoft's Data Processing Agreement.

Managing Cookies

You can manage cookie preferences at any time via:

• The cookie consent banner that appears on your first visit
• The "Cookie Preferences" link in the footer of this Site
• Your browser settings (note: blocking all cookies may affect Site functionality)
• Opt-out links: Google Analytics opt-out | Microsoft Clarity opt-out

7. Data Processors and Sub-Processors

We share data only with service providers that process data on our behalf under binding data processing agreements:

• Google LLC — Analytics (GA4). Data Processing Terms: google.com
• Microsoft Corporation — Clarity session analytics. Data Processing Terms: microsoft.com
• GoDaddy Inc. — Web hosting and domain registration. Privacy policy: godaddy.com
• Cookiebot / Usercentrics A/S — Consent management platform. Privacy policy: cookiebot.com

We do not sell, rent, or share personal data with any other third party except as required by law.

8. International Data Transfers

MetaQor is a dual-entity structure with operations in the United States and the Netherlands. Data may be processed in both jurisdictions.

For transfers of personal data from the EEA to the United States, we rely on the following safeguards:

• Standard Contractual Clauses (SCCs) — EU Commission-approved SCCs are incorporated into our data processing agreements with US-based processors (Google, Microsoft, GoDaddy).
• EU–US Data Privacy Framework — Where applicable, processors certified under the EU–US Data Privacy Framework provide an additional adequacy basis for transfers.

9. Data Retention

• GA4 analytics data: Retained for 14 months (the minimum configurable retention period in GA4), after which event-level data is automatically deleted.
• Microsoft Clarity data: Session recordings retained for 90 days.
• Server logs: Retained for up to 30 days for security purposes.
• Email correspondence: Retained for as long as reasonably necessary to address your inquiry, and no longer than 2 years unless a legal obligation requires longer retention.
• Consent records: Retained for 5 years to demonstrate compliance with GDPR Article 7(1).

10. Your Rights

Rights Under GDPR (EEA, UK, Switzerland)

You have the following rights regarding your personal data:

• Right of Access (Art. 15): Request a copy of personal data we hold about you.
• Right to Rectification (Art. 16): Request correction of inaccurate data.
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten").
• Right to Restriction (Art. 18): Request that we limit processing of your data.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
• Right to Lodge a Complaint: File a complaint with your national supervisory authority. For the Netherlands: Autoriteit Persoonsgegevens (AP).

Rights Under CCPA (California Residents)

California residents have the right to know what personal information we collect, to request deletion, to opt out of sale (we do not sell data), and to non-discrimination for exercising these rights.

How to Exercise Your Rights

Submit requests to privacy@metaqor.com. We will respond within 30 days (GDPR) or 45 days (CCPA). We may request verification of your identity before processing rights requests.

11. Children's Privacy

The Site is directed to scientific, medical, investor, and business development audiences. It is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include TLS/HTTPS encryption for all data in transit, access controls, and data minimisation practices. No transmission over the internet is completely secure; we cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected in an updated effective date at the top of this page. We encourage you to review this page periodically. Continued use of the Site following any update constitutes acceptance of the revised policy to the extent permitted by applicable law.

14. Contact and Data Protection Inquiries

MetaQor does not currently have a designated Data Protection Officer (DPO) but reviews DPO appointment requirements on an ongoing basis as processing activities evolve. All privacy inquiries are handled by company leadership.