Privacy Policy

Updated on March 10, 2026

Merytucentric, S.A. (hereinafter "Merytu") provides a service (the "Service") that allows its clients (the "Clients") to connect with a geographically distributed network of individuals who, as independent contractors (the "Meryters"), offer to perform professional services on a temporary and time-limited basis (the "Gigs").

‍

Merytu is strongly committed to protecting the personal data of those who use its Service. Through this policy (the "Policy"), it aims to inform, clearly and transparently, among other things, how personal data is processed (i.e., collection, storage, processing, transmission, and deletion), ensuring that data is collected, shared, and stored with reference to the best practices in personal data security and protection.

‍

‍It is extremely important that you read this Policy carefully and fully understand its scope. Should you have any doubts or questions regarding it, please do not hesitate to contact us using the details identified in section 5 below.

1. Personal Data Controller

The entity responsible for data processing is Merytucentric, S.A., registered under identification and corporate number 515465135, with its registered office at Avenida Duque de Loulé, 72, 3rd Floor, 1050-091 Lisbon (the "Responsible Entity").

2. Purposes of Personal Data Processing

The Responsible Entity, within the scope of its activities, processes personal data for the following purposes (the "Purposes"):

(i) To enable the registration of Companies and professionals on the Platform;
‍

(ii) To provide a matching service between the characteristics of independent professionals registered on the platform and the professional engagement requirements requested by companies through the posting of a Gig;

(iii) To contact the Meryter to provide information related to a Gig. These communications may be made via email, telephone, or text messages. The chosen communication method will depend on the reason for the communication;

(iv) To allow companies to post gigs;
‍

(v) Allow independent professionals to accept Gigs; and
‍

(vi) Offer the best service and support. Through our Customer Care, we provide assistance to companies and professionals at any time regarding Gigs or any other platform-related matter. This assistance can only be provided if we have access to your Personal Data;
‍

(vii) Enable integrated payments by companies;
‍

(viii) Enable professionals to cash out payments;
‍

(ix) Enable automatic invoicing from the professional to the company for services rendered;

‍(x) Continuously improve the service provided through testing processes, investigations, and analytical studies;

(xi) Share news, products, and promotions related to the merytu platform and with external partners associated with merytu's products and services;
‍

(xii) Offer benefits to professionals and companies, including commercial discounts and loyalty programs;
‍

(xiii) Enable the company to access Gig and billing history.

3. Personal Data

The personal data processed for the stated purposes includes the following:

(xiv) First Name;
‍

(xvi) Date of Birth;
‍

(xv) Surname;
‍

(xvii) Gender;
‍

(xviii) Address;
‍

(xix) Nationality;
‍

(xx) Mobile Phone Number;
‍

(xxii) Tax Identification Number;
‍

(xxi) Professional Area;
‍

(xxiii) Socio-professional data – Curriculum Vitae;
‍

(xxiv) IBAN.
‍

Other personal data may be collected if it proves necessary for the Purposes of processing.

The Responsible Entity is not responsible for the veracity, omissions, inaccuracies, and falsehoods of the personal data transmitted to it.
‍

The personal data collected may be processed electronically, whether automated or not, ensuring in all cases strict compliance with personal data protection legislation.

‍

4. Retention of Personal Datas

The period during which personal data is stored and retained will vary in accordance with the aforementioned Purposes.

‍

Whenever there is no specific legal requirement establishing a minimum retention period, data will only be retained for the minimum period necessary to achieve the purposes for which it was collected or subsequently processed, this period being determined based on reasonableness criteria.

‍

Nevertheless, the most relevant retention periods we have defined for the purposes of using your personal data are as follows:

‍

(xxv) User Management – sub-item 2.(i) – 1 year (plus current year) after last access;

‍

(xxvi) Service Provision – sub-items 2.(ii) to 2.(vi), 2.(viii) to 2.(x) – 2 years;

‍

(xxvii) Transaction Management – sub-items 2.(vii), 2.(ix), and 2.(xiii) – legal retention period of 10 years;

‍

(xxviii) Loyalty programs – sub-item 2.(xii) – 3 years;

‍

(xxix) Marketing – item 2.(xi) – until consent is revoked or 2 years without interaction.

‍

5. Rights of Personal Data Subjects

Data subjects are guaranteed the right to access their personal data at any time, as well as to its rectification, erasure, portability, restriction, and/or objection to processing.

‍

Any of these rights may be exercised by written communication addressed to the Responsible Entity, either to the Responsible Entity's registered office address or to the following email address: geral@merytu.com

‍

Additionally, data subjects may always submit any necessary complaints to the competent authority.

6. Security in Personal Data Processing

The Responsible Entity is committed to ensuring the security and protection of customers' and users' personal data. To this end, the Entity has adopted the following measures:‍

(xxx) Information encryption using a high-security protocol – AES-256;
‍

(xxxi) Restricted access to data with high-strength passwords;
‍

(xxxii) Exclusive access via Digital Certification – 2048-bit RSA key pair;
‍

(xxxiii) High physical entry restrictions to the spaces where the merytu platform's information storage servers are located;
‍

(xxxiv) Use of Firewalls – restricted access to specific IPs; and
‍

(xxxv) Offline private network-based system environment.
‍

The Responsible Entity informs that the aforementioned security measures will be reviewed and updated according to the needs and requirements of these matters.
‍

If, for any reason, a security breach occurs that accidentally or unlawfully leads to the destruction, loss, alteration, unauthorized disclosure of, or access to personal data, the Responsible Entity undertakes, in accordance with applicable law, to notify the competent authorities without undue delay and, where feasible, within 72 hours of becoming aware of such an occurrence.

Additionally, and under the terms mentioned in the previous paragraph, the Responsible Entity undertakes to communicate any personal data breach to the respective data subject, in accordance with applicable law.

‍

7. Disclosure of Personal Data to Third Partiess

In the context of the Service, Merytu, as the Responsible Entity, shares the personal data of Meryters with Clients, with other companies of the Merytu group, and with external suppliers who assist with various Service-related matters.

Whenever this occurs, the Responsible Entity undertakes to adopt the necessary and appropriate measures to ensure that all entities that have access to such personal data offer high security guarantees and that the personal data shared is the minimum essential for the full provision of the Service provided by Merytu.

Whenever necessary, and within the scope of contracting third parties by the Responsible Entity, personal data may be transferred outside the European Union, under the terms and conditions permitted by applicable law.

‍‍

8. Access to Partner Websites

This Policy does not apply to third-party websites. In this case, whenever you visit another website from this one, you should always read the applicable privacy policy and check if you agree with its terms before providing your personal data.

8. Acesso a Website de Parceiros
‍

The Responsible Entity is not responsible for the applicable privacy policy or for the content provided on third-party websites.

‍

9. Use of Cookies

Our Services may use "cookies" and similar technologies (collectively "cookies"). Cookies are small text files that this Website sends to your computer for the purpose of storing information, which will be stored on your computer's hard drive. Cookies simplify navigation on our website by storing your browsing preferences, so that we can improve your next visit to our Website.9. Utilização de Cookies
‍

‍

One of the purposes of cookies is to simplify the use of our Website. A cookie can store user login details, so that the user does not need to repeat the login every time they access the Website.

‍

Cookies can be "persistent" or "temporary" (session cookies). A persistent cookie retains user preferences for a particular website, allowing those preferences to be used in future browsing sessions on the website, remaining valid until an expiration date is set (unless deleted by the user before the expiration date). A temporary cookie, on the other hand, will last until the end of the session when the browser is closed.