Privacy policy
Your privacy is important to us at merytu. We respect your privacy regarding any information we may collect from you across our website.
Merytucentric, S.A. ("Merytu") provides a service (the "Service") that enables its clients (the "Clients") to connect with a geographically distributed network of individuals who, as independent workers (the "Meryters"), undertake to perform professional services on a punctual and time-limited basis (the "Gigs").
Merytu is strongly committed to protecting the personal data of those who use its Service. Through this policy (the "Policy"), it intends to inform, in a clear and transparent manner, among other matters, about how personal data is processed (i.e. collection, storage, processing, transmission and deletion), ensuring that data is collected, shared and stored in accordance with best practices in the field of security and protection of personal data.
It is extremely important that you read this Policy carefully and fully understand its scope. Should you have any doubts or questions regarding this Policy, please do not hesitate to contact us through the contacts identified in section 5 below.
1. Data Controller
The entity responsible for the processing of data is Merytucentric, S.A., registered under taxpayer and legal entity number 515465135, with registered office at Avenida Duque de Loulé, 72, 3rd Floor, 1050-091 Lisbon (the "Data Controller").
2. Purposes of the Processing of Personal Data
The Data Controller, within the scope of the activities it carries out, processes personal data for the following purposes (the "Purposes"):
(i) To enable the registration of companies and professionals on the Platform;
(ii) To provide the matching service between the characteristics of independent professionals registered on the Platform and the characteristics of the professional engagement requested by companies through the publication of a Gig;
(iii) To contact Meryters in order to provide information relating to a Gig. Such communications may be made via email, telephone or text message, depending on the purpose of the communication;
(iv) To enable companies to publish Gigs;
(v) To enable independent professionals to accept Gigs;
(vi) To provide the best service and assistance. Through our Customer Care we offer assistance to companies and professionals at any time in the scope of Gigs or in any other scope relating to the platform. Such assistance can only be provided if we have your Personal Data;
(vii) To enable integrated payments by companies;
(viii) To enable cash-out of payments received by professionals;
(ix) To enable the automatic invoicing of the professional to the company where the service was provided;
(x) To continuously improve the Service through testing processes, research and analytical studies;
(xi) To share news, products and promotions related to the merytu platform and with external partners related to merytu's products and services;
(xii) To promote benefits to professionals and companies within the scope of commercial discounts and loyalty programs;
(xiii) To enable companies to consult Gig and invoicing history.
3. Personal Data
The personal data processed for the purposes of the Purposes set out above include the following:
(xiv) First name;
(xv) Surname;
(xvi) Date of birth;
(xvii) Gender;
(xviii) Address;
(xix) Nationality;
(xx) Mobile phone number;
(xxi) Professional Area;
(xxii) Tax identification number;
(xxiii) Socio-professional data – Curriculum Vitae;
(xxiv) IBAN.
Other personal data may be collected if it proves necessary for the Purposes of the processing.
The Data Controller is not responsible for the truthfulness, omissions, inaccuracies and falsities of the personal data transmitted to it.
The personal data collected may be processed electronically and in an automated or non-automated manner, ensuring in all cases strict compliance with personal data protection legislation.
4. Retention of Personal Data
The period of time during which personal data is stored and retained shall vary in accordance with the Purposes referred to above.
Whenever there is no specific legal requirement determining a minimum retention period, data shall only be retained for the minimum period of time necessary for the pursuit of the purposes that motivated its collection or subsequent processing, such period being set within criteria of reasonableness.
Without prejudice to the above, the most relevant retention periods we have defined for the purposes of the use of your personal data are as follows:
(xxv) User management – clause 2(i) – 1 year (plus current year) after last access;
(xxvi) Provision of the Service – clauses 2(ii) to 2(vi), 2(viii) to 2(x) – 2 years;
(xxvii) Transaction management – clauses 2(vii), 2(ix) and 2(xiii) – legal period of 10 years;
(xxviii) Loyalty programs – clause 2(xii) – 3 years;
(xxix) Marketing – clause 2(xi) – until revocation of consent or 2 years without interaction.
5. Rights of Data Subjects
The personal data subject is assured the right, at any time, to access their personal data, as well as to its rectification, deletion, portability, restriction and/or objection to processing.
The exercise of any of these rights may be carried out through a written communication addressed to the Data Controller, either to the Data Controller's registered office address or to the following email: geral@merytu.com.
Additionally, personal data subjects may always file complaints they deem necessary with the competent authority for this purpose.
6. Security in the Processing of Personal Data
The Data Controller is committed to ensuring the security and protection of personal data of clients and users. To this end, the following measures have been adopted:
(xxx) Encryption of information using a high-security protocol – AES-256;
(xxxi) Restricted access to data with high-caliber passwords;
(xxxii) Exclusive access through digital certification – 2048-bit RSA key pair;
(xxxiii) Strict physical entry restrictions to the spaces where the merytu platform information storage servers are located;
(xxxiv) Use of Firewalls – access restricted to specific IPs;
(xxxv) System environment based on a private offline network.
The Data Controller informs that the aforementioned security measures shall be reviewed and updated according to the needs and requirements of these matters.
Should, for any reason, a security breach occur that causes, accidentally or unlawfully, the destruction, loss, alteration, unauthorized disclosure of, or access to personal data, the Data Controller undertakes, under the terms of applicable legislation, to notify the competent authorities without undue delay and, wherever possible, within 72 hours of becoming aware of such occurrence.
Additionally, and under the terms referred to in the preceding paragraph, the Data Controller undertakes to communicate the personal data breach to the respective data subject, in accordance with applicable legislation.
7. Disclosure of Personal Data to Third Parties
In the context of the Service, Merytu, as Data Controller, shares the personal data of Meryters with Clients, with other companies of the Merytu group, and with external suppliers that assist with different matters related to the Service.
Whenever this occurs, the Data Controller undertakes to adopt the necessary and adequate measures to ensure that all entities that have access to such personal data offer high security guarantees and that the personal data shared is the minimum indispensable for the proper provision of the Service by Merytu.
Whenever necessary, and within the scope of the engagement of third parties by the Data Controller, personal data may be transferred outside the European Union, under the terms and conditions permitted by applicable legislation.
8. Access to Third-Party Websites
This Policy does not apply to third-party websites. In this case, whenever you visit another website from this one, you should always read the applicable privacy policy and verify that you agree with its terms before providing your personal data.
The Data Controller is not responsible for the applicable privacy policy or the content made available on third-party websites.
9. Use of Cookies
Our Services may use "cookies" and similar technologies (collectively "cookies"). Cookies are small text files that this Website sends to your computer for the purpose of storing information, which will be stored on your computer's hard drive. Cookies simplify navigation on our website by saving your browsing preferences, so that we can improve your next visit to our Website.
One of the purposes of cookies is to simplify the use of our Website. A cookie may store the user's login details so that the user does not need to repeat the login every time they access the Website.
Cookies may be "persistent" or "temporary" or session cookies. A persistent cookie retains the user's preferences for a particular website, allowing the use of those preferences in future browsing sessions on the Website, remaining valid until a defined expiration date (unless deleted by the user before the expiration date). A temporary cookie, on the other hand, will have a lifespan until the end of the session, when the browser is closed.
10. Changes to the Policy
The Data Controller reserves the right, at any time, to make changes to this Policy, it being understood that such changes shall be duly published on this website.
For this reason, regular and periodic consultation of this Policy through this website is recommended.

