Privacy Policy
Effective Date: October 8, 2025 | Version: 1.0
1. Who We Are and What This Policy Covers
1.1. Introduction. This Privacy Policy explains how Mindrock Holdings Ltd (“we,” “us,” or “our”) collects, uses, shares, and protects your personal data (also referred to as “personal information” in some jurisdictions) when you use our pre-launch website (the “Site”), including when you sign up for our waitlist. We are committed to protecting your privacy and being transparent about how we handle your information.
1.2. Data Controller. For the purposes of applicable data protection laws, such as the EU General Data Protection Regulation (GDPR) and the UK GDPR, and other applicable data protection laws in your jurisdiction, Mindrock Holdings Ltd is the “data controller” responsible for your personal data. This means we determine the purposes and means of processing your personal data. For the avoidance of doubt, Mindrock Holdings Ltd acts as an independent controller for the processing described in this Policy. In the U.S. state privacy laws at this pre-launch stage, we act as a “business” rather than a “service provider.” This role may differ under other jurisdictions’ laws and will be updated if our processing materially changes.
1.3. Our Details.
2. Scope & Audience
2.1. Scope of this Policy. This Privacy Policy applies to our pre-launch website and related waitlist and communication features (the “Site”). It covers the processing of personal data that occurs when you browse the Site, submit your contact details to join the waitlist, or communicate with us through the Site’s forms or the contact channels listed in Section 1.
2.2. What is not covered. This Policy does not apply to any post-launch accounts, in-product features, payments, payouts, user-generated content, or other services that may be offered in the future. Those activities, if and when offered, will be governed by separate privacy disclosures made available at that time.
2.3. Audience and age requirement. The Site is intended for adults only. You must be at least eighteen (18) years old, or the age of majority in your place of residence if higher, to use the Site. We do not knowingly collect personal data from children.
2.4. Geographic reach. This Policy applies to users worldwide. Depending on where you reside, additional notices or rights may apply to you (for example, under EU/UK data protection law, U.S. state privacy laws, or other mandatory local laws). Where a provision of this Policy conflicts with mandatory law that applies to you, the mandatory law prevails.
2.5. Relationship to the Terms. Your use of the Site is governed by the Pre-Launch Terms of Use (https://meetris.com/en/terms_of_use). Capitalized terms used but not defined in this Policy have the meanings given to them in the Terms.
3. What Personal Data We Collect
3.1. Data minimisation principle. We believe in data minimisation and collect only the personal data that is necessary for the purposes described in this Policy. The personal data we collect can be grouped into the categories listed in 3.2 — 3.3 below.
3.2. Data you provide directly to us.
We collect personal data that you voluntarily submit to us when you interact with the Site. This includes:
(a) Waitlist Information, which consists of your email address and, if you choose to provide them, your telephone number or a nickname, collected when you sign up for our waitlist;
(b) Communications data: your contact details, the content of your messages, and any other information you choose to provide when you contact us through our support channels or web forms (collectively, “Communications Data”).
3.3. Data we collect automatically.
As you navigate the Site, we may automatically collect certain technical data about your device and browsing activity. This information includes:
(a) Technical and Log Data, such as your IP address, browser type and version, device identifier, operating system, and general geographic location (e.g., country or city). We also process server logs, which record the date and time of your access, the pages you viewed, and details of your requests (collectively, “Technical Data”).
(b) Cookie Data. We use strictly necessary cookies to ensure the Site functions correctly. Subject to your consent, we may also use analytics cookies to generate aggregated data about visitor interactions. This type of data collection is described in detail in Section 5 of this Policy.
3.4. Data we do not collect. We do not actively seek to collect, and you should not provide, any "special categories of personal data" (such as health data, data revealing ethnic origin, or political opinions). At this pre-launch stage, we do not record any video or audio from your device, nor do we use your personal data for automated decision-making that would produce legal or similarly significant effects on you.
4. Why We Use Personal Data (Purposes and Legal Bases)
4.1. Overview. We process personal data only for specific, explicit, and legitimate purposes, and only where permitted by applicable law. Depending on where you live, the applicable legal basis or classification may differ (for example, consent, contract necessity, legitimate interests, legal obligation, or an equivalent concept under local law). Where a jurisdiction (such as the EU/EEA or the UK) requires identification of a specific legal basis, the basis is indicated for each purpose. In U.S. state privacy regimes, these purposes align to “business purposes” and compatible uses.
4.2. Waitlist enrolment and launch updates. We use your Waitlist Information to register you for our waitlist, send a confirmation email to verify your request (double opt-in), and notify you of important news, such as the official launch of our service.
Legal basis where required: contract necessity and/or legitimate interests to register your request and notify you about service availability; where local law requires prior consent for electronic communications, we will seek it (see the marketing checkbox).
4.3. Direct responses to your inquiries. We use your Communications Data to respond to your inquiries, provide support, and send you essential, non-promotional messages related to your waitlist status or significant changes to our Terms or this Policy.
Legal basis where required: legitimate interests in providing and improving the Site and communicating with users; where a response is necessary to take steps at your request prior to entering into a contract, contract necessity may apply. You may object to processing based on legitimate interests (see Section 9).
4.4. Site operation and improvement. We use Technical Data to analyze the performance of our Site, diagnose errors, understand visitor trends at an aggregate level, and inform our future product development.
Legal basis where required: legitimate interests in maintaining and improving our service for analytics based on aggregated, anonymised server-side logs that do not use cookies; consent for analytics involving cookies. You may withdraw your consent at any time or object to processing based on legitimate interests (see Section 9).
4.5. Security, fraud prevention, and abuse prevention. We process Technical Data and other relevant information to protect the security and integrity of our Site, prevent spam and fraud, investigate suspicious activity, and enforce our Pre-Launch Terms of Use.
Legal basis where required: legitimate interests in securing our systems and users; where applicable, legal obligation.
4.6. Recordkeeping for consent and compliance. We process certain data, such as your consent records, to document our compliance with legal obligations and for accountability purposes.
Legal basis where required: legal obligation where imposed by law; otherwise legitimate interests.
4.7. Marketing by SMS or instant messaging. If we offer this option in the future and you explicitly consent, we will use your contact details to send you marketing messages via these channels.
Legal basis where required: consent. You may withdraw consent at any time.
4.8. Enforcement of the Terms and protection of rights. We may use your personal data to enforce our Pre-Launch Terms of Use, pursue or defend legal claims, and protect our rights and the rights of others.
Legal basis where required: legitimate interests; where applicable, legal obligation.
4.9. No sale or sharing for targeted advertising. We do not “sell” personal information or “share” it for cross-context behavioural advertising at this pre-launch stage of the Site. If this changes, we will update this Policy and provide all required notices and opt-out mechanisms before any such processing begins.
4.10. Your right to object (where applicable). Where we rely on legitimate interests, you may object to such processing on grounds relating to your particular situation, in jurisdictions that recognise this right. We will honour your objection unless we demonstrate compelling legitimate grounds or the processing is required for the establishment, exercise, or defence of legal claims.
5. Cookies & Similar Technologies
5.1. What Are Cookies? Cookies are small text files that are placed on your device by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. "Similar technologies" refers to other tools that function like cookies, such as web beacons or pixels.
5.2. How We Use Cookies. We use cookies for the following purposes:
(a) Necessary Cookies. These cookies are essential for you to browse the Site and use its features, such as maintaining a secure session or managing your cookie consent preferences. These cookies are always active and do not require your consent.
(b) Analytics Cookies. Subject to your consent, we may use these cookies to collect information about how you interact with our Site. This helps us understand usage patterns, identify popular pages, and improve the Site’s performance and design. These cookies are disabled by default.
(c) Marketing Cookies. We do not use marketing or advertising cookies at this pre-launch stage of the Site.
5.3. Your Choices and How to Manage Cookies. You have full control over non-necessary cookies. When you first visit our Site, you will see a cookie consent banner where you can accept all, reject all, or customise your preferences. You can change your mind and withdraw your consent at any time through our Consent Management Platform (the “CMP”), accessible via the “Cookie Settings” link in the Site’s footer. Your browser settings also allow you to block or delete cookies; doing so may affect the Site’s functionality.
5.4. Global Privacy Control. Global Privacy Control (“GPC”) is a browser or extension signal that tells websites you want to opt out of tracking beyond what is necessary. Where required by law, we respect a valid GPC signal as an effective opt-out of consent for any analytics cookies on this Site. If you later choose different settings in the CMP, those settings will govern.
5.5. Cookie List. For a detailed and up-to-date list of the specific cookies we use, their purpose, and their duration, please refer to our CMP.
6. Sharing & Processors
6.1. Service providers (processors). We use third-party service providers to operate the Site and communicate with you. These providers act on our instructions under written contracts and are bound by confidentiality and data-protection obligations. Categories include: hosting and content delivery networks, email delivery services, consent-management platforms, basic analytics (if enabled), and customer-support tools.
6.2. No sale or sharing for targeted advertising. We do not “sell” personal information or “share” it for cross-context behavioural advertising at this pre-launch stage of the Site. If this changes, we will update this Policy and provide all required notices and opt-out mechanisms before any such processing begins.
6.3. Legal disclosures and protection of rights. We may disclose personal data to competent authorities or third parties where we believe disclosure is necessary to comply with law or legal process, to enforce our Terms, or to protect the rights, safety, and security of our users, the public, or the Site.
6.4. Corporate transactions. We may disclose or transfer personal data in connection with a merger, acquisition, financing, reorganisation, sale of assets, or similar corporate transaction. We will take steps to ensure the recipient honours this Policy or provides materially equivalent protection.
6.5. Aggregated and de-identified data. We may use, share, or publish aggregated or de-identified information that does not identify you, provided we take reasonable measures to prevent re-identification.
6.6. International transfers. Where sharing involves a recipient outside your jurisdiction, we implement appropriate safeguards as described in Section 7 (International Data Transfers).
7. International Data Transfers
7.1. Our Global Operations. We operate as a global business, and the service providers we use to operate our Site may be located in various countries around the world. As a result, your personal data may be transferred to, stored, and processed in countries other than your own, including the United States, which may have data protection laws that are different from the laws of your country.
7.2. Safeguards for International Transfers. We are committed to ensuring that your personal data is protected wherever it is processed. When we transfer personal data from jurisdictions with specific cross-border transfer restrictions (such as the European Economic Area, the United Kingdom, or Switzerland) to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate legal safeguards.
7.3. Transfer Mechanisms. These safeguards typically include one or more of the following mechanisms:
(a) Standard Contractual Clauses. We may implement the Standard Contractual Clauses (SCCs) as approved by the European Commission (and their equivalents for the UK, such as the International Data Transfer Agreement or Addendum) between us and the data recipient.
(b) Adequacy Decisions. We may transfer data to countries that the European Commission or the UK government have determined to provide an adequate level of data protection.
(c) Data Privacy Frameworks. For transfers to eligible companies in the United States, we may rely on their certification under the EU-U.S. Data Privacy Framework and/or the UK Extension thereto.
7.4. Further Information. You have the right to request further information about the safeguards we have in place for international transfers of your personal data. To do so, please contact us using the details provided in Section 1.
8. Retention
8.1. Principles. We keep personal data only for as long as necessary to fulfil the purposes described in this Policy or to comply with legal, accounting, or reporting obligations. When we no longer need personal data, we delete or irreversibly de-identify it.
8.2. Standard periods.
(a) Waitlist contact data (email, optional phone): until the earlier of (i) twelve (12) months after public launch of the service, or (ii) your withdrawal of consent or unsubscribe request. Unconfirmed email addresses collected for double opt-in are deleted within seventy-two (72) hours if not confirmed.
(b) Support and communications data: up to twelve (12) months after ticket closure, unless a longer period is required to handle follow-up requests or legal claims.
(c) Consent and preference records (including DOI logs): for the duration of your relationship with us plus three (3) years, for accountability and audit purposes.
(d) Security and system logs: up to twelve (12) months, unless a longer period is reasonably necessary to investigate incidents or comply with law.
(e) Server access logs: up to ninety (90) days, unless needed longer for troubleshooting or security.
8.3. Criteria. We determine retention based on the nature of the data, the risks of unauthorised use or disclosure, the purposes of processing, and applicable legal requirements (for example, statutory limitation periods).
8.4. Your choices. Where retention is based on your consent, you may withdraw consent at any time (see Section 9). We may retain limited information necessary to record that you opted out or unsubscribed.
9. Your Privacy Rights
9.1. Overview. You have certain rights regarding your personal data, which may vary depending on your place of residence. We are committed to honouring these rights. Below is a summary of the rights available under key data protection laws.
9.2. Rights for Individuals in the EEA, UK, and Switzerland. If you are located in these jurisdictions, you have the following rights under the GDPR / UK GDPR:
9.5. Right to Lodge a Complaint. If you are in the EEA or the UK, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data infringes applicable law.
10. Security
10.1. Our measures. We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include access controls, encryption in transit, network-level protections, system logging and monitoring, separation of environments, regular backups, and staff training on data protection.
10.2. Vendor security. Where we use service providers to process personal data on our behalf, we require them by contract to implement security measures that provide a level of protection at least comparable to our own and that are appropriate to the risks of their processing.
10.3. Incident response. We maintain procedures for identifying, investigating, and responding to suspected personal-data incidents. Where required by applicable law, we will notify you and/or the relevant authority without undue delay.
10.4. Your responsibilities. You are responsible for taking reasonable steps to secure your devices and communications, including using up-to-date software and applying standard security precautions when sharing information online.
10.5. No absolute security. No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect personal data, we cannot guarantee absolute security.
11. Changes to This Privacy Policy
11.1. Our right to update. We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
11.2. Notice of changes. If we make material changes, we will provide you with reasonable advance notice by posting the updated Policy on the Site and, if you are on our waitlist, by sending a notification to the email address you provided. We encourage you to periodically review this Policy for the latest information on our privacy practices.
11.3. Effective date and acceptance. The "Effective Date" at the top of this Policy indicates when it was last revised. Your continued use of the Site after the new Effective Date constitutes your acknowledgment of the updated Policy. Where required by applicable law, we may seek your active consent to certain changes.
12. Language and Official Version
12.1. Governing language. Although this Privacy Policy may be translated into other languages, the governing language of this Privacy Policy is English.
12.2. Official version and location. The official, legally binding version of this Privacy Policy is the English-language version published on our Site at the following URL: https://meetris.com/en/privacy.
12.3. Updates and responsibility to review. You are responsible for regularly reviewing the URL in Section 12.2 for updates. We are not responsible for the accuracy or completeness of any version of this Privacy Policy obtained from a source other than our Site. Any printed or downloaded copies are for your personal reference only and may not be current.
Effective Date: October 8, 2025 | Version: 1.0
1. Who We Are and What This Policy Covers
1.1. Introduction. This Privacy Policy explains how Mindrock Holdings Ltd (“we,” “us,” or “our”) collects, uses, shares, and protects your personal data (also referred to as “personal information” in some jurisdictions) when you use our pre-launch website (the “Site”), including when you sign up for our waitlist. We are committed to protecting your privacy and being transparent about how we handle your information.
1.2. Data Controller. For the purposes of applicable data protection laws, such as the EU General Data Protection Regulation (GDPR) and the UK GDPR, and other applicable data protection laws in your jurisdiction, Mindrock Holdings Ltd is the “data controller” responsible for your personal data. This means we determine the purposes and means of processing your personal data. For the avoidance of doubt, Mindrock Holdings Ltd acts as an independent controller for the processing described in this Policy. In the U.S. state privacy laws at this pre-launch stage, we act as a “business” rather than a “service provider.” This role may differ under other jurisdictions’ laws and will be updated if our processing materially changes.
1.3. Our Details.
- Legal entity: Mindrock Holdings Ltd
- Corporate form: International Business Company (IBC)
- Jurisdiction of incorporation: Republic of Seychelles
- Registration Number: 247316
- Registered Address: 306 Victoria House, Victoria, Mahé, Seychelles
- Postal address for privacy correspondence: 306 Victoria House, Victoria, Mahé, Seychelles
- For privacy-specific questions or to exercise your data protection rights, please contact our data privacy team (Data Protection Lead) at: meetris080@gmail.com
- For general inquiries, please contact: meetris080@gmail.com
- EU Representative (pursuant to Art. 27 GDPR): To be appointed prior to actively offering the service or targeting individuals in the European Union. Once appointed, their details will be provided here.
- UK Representative (pursuant to Art. 27 UK GDPR): To be appointed prior to actively offering the service or targeting individuals in the United Kingdom. Once appointed, their details will be provided here.
2. Scope & Audience
2.1. Scope of this Policy. This Privacy Policy applies to our pre-launch website and related waitlist and communication features (the “Site”). It covers the processing of personal data that occurs when you browse the Site, submit your contact details to join the waitlist, or communicate with us through the Site’s forms or the contact channels listed in Section 1.
2.2. What is not covered. This Policy does not apply to any post-launch accounts, in-product features, payments, payouts, user-generated content, or other services that may be offered in the future. Those activities, if and when offered, will be governed by separate privacy disclosures made available at that time.
2.3. Audience and age requirement. The Site is intended for adults only. You must be at least eighteen (18) years old, or the age of majority in your place of residence if higher, to use the Site. We do not knowingly collect personal data from children.
2.4. Geographic reach. This Policy applies to users worldwide. Depending on where you reside, additional notices or rights may apply to you (for example, under EU/UK data protection law, U.S. state privacy laws, or other mandatory local laws). Where a provision of this Policy conflicts with mandatory law that applies to you, the mandatory law prevails.
2.5. Relationship to the Terms. Your use of the Site is governed by the Pre-Launch Terms of Use (https://meetris.com/en/terms_of_use). Capitalized terms used but not defined in this Policy have the meanings given to them in the Terms.
3. What Personal Data We Collect
3.1. Data minimisation principle. We believe in data minimisation and collect only the personal data that is necessary for the purposes described in this Policy. The personal data we collect can be grouped into the categories listed in 3.2 — 3.3 below.
3.2. Data you provide directly to us.
We collect personal data that you voluntarily submit to us when you interact with the Site. This includes:
(a) Waitlist Information, which consists of your email address and, if you choose to provide them, your telephone number or a nickname, collected when you sign up for our waitlist;
(b) Communications data: your contact details, the content of your messages, and any other information you choose to provide when you contact us through our support channels or web forms (collectively, “Communications Data”).
3.3. Data we collect automatically.
As you navigate the Site, we may automatically collect certain technical data about your device and browsing activity. This information includes:
(a) Technical and Log Data, such as your IP address, browser type and version, device identifier, operating system, and general geographic location (e.g., country or city). We also process server logs, which record the date and time of your access, the pages you viewed, and details of your requests (collectively, “Technical Data”).
(b) Cookie Data. We use strictly necessary cookies to ensure the Site functions correctly. Subject to your consent, we may also use analytics cookies to generate aggregated data about visitor interactions. This type of data collection is described in detail in Section 5 of this Policy.
3.4. Data we do not collect. We do not actively seek to collect, and you should not provide, any "special categories of personal data" (such as health data, data revealing ethnic origin, or political opinions). At this pre-launch stage, we do not record any video or audio from your device, nor do we use your personal data for automated decision-making that would produce legal or similarly significant effects on you.
4. Why We Use Personal Data (Purposes and Legal Bases)
4.1. Overview. We process personal data only for specific, explicit, and legitimate purposes, and only where permitted by applicable law. Depending on where you live, the applicable legal basis or classification may differ (for example, consent, contract necessity, legitimate interests, legal obligation, or an equivalent concept under local law). Where a jurisdiction (such as the EU/EEA or the UK) requires identification of a specific legal basis, the basis is indicated for each purpose. In U.S. state privacy regimes, these purposes align to “business purposes” and compatible uses.
4.2. Waitlist enrolment and launch updates. We use your Waitlist Information to register you for our waitlist, send a confirmation email to verify your request (double opt-in), and notify you of important news, such as the official launch of our service.
Legal basis where required: contract necessity and/or legitimate interests to register your request and notify you about service availability; where local law requires prior consent for electronic communications, we will seek it (see the marketing checkbox).
4.3. Direct responses to your inquiries. We use your Communications Data to respond to your inquiries, provide support, and send you essential, non-promotional messages related to your waitlist status or significant changes to our Terms or this Policy.
Legal basis where required: legitimate interests in providing and improving the Site and communicating with users; where a response is necessary to take steps at your request prior to entering into a contract, contract necessity may apply. You may object to processing based on legitimate interests (see Section 9).
4.4. Site operation and improvement. We use Technical Data to analyze the performance of our Site, diagnose errors, understand visitor trends at an aggregate level, and inform our future product development.
Legal basis where required: legitimate interests in maintaining and improving our service for analytics based on aggregated, anonymised server-side logs that do not use cookies; consent for analytics involving cookies. You may withdraw your consent at any time or object to processing based on legitimate interests (see Section 9).
4.5. Security, fraud prevention, and abuse prevention. We process Technical Data and other relevant information to protect the security and integrity of our Site, prevent spam and fraud, investigate suspicious activity, and enforce our Pre-Launch Terms of Use.
Legal basis where required: legitimate interests in securing our systems and users; where applicable, legal obligation.
4.6. Recordkeeping for consent and compliance. We process certain data, such as your consent records, to document our compliance with legal obligations and for accountability purposes.
Legal basis where required: legal obligation where imposed by law; otherwise legitimate interests.
4.7. Marketing by SMS or instant messaging. If we offer this option in the future and you explicitly consent, we will use your contact details to send you marketing messages via these channels.
Legal basis where required: consent. You may withdraw consent at any time.
4.8. Enforcement of the Terms and protection of rights. We may use your personal data to enforce our Pre-Launch Terms of Use, pursue or defend legal claims, and protect our rights and the rights of others.
Legal basis where required: legitimate interests; where applicable, legal obligation.
4.9. No sale or sharing for targeted advertising. We do not “sell” personal information or “share” it for cross-context behavioural advertising at this pre-launch stage of the Site. If this changes, we will update this Policy and provide all required notices and opt-out mechanisms before any such processing begins.
4.10. Your right to object (where applicable). Where we rely on legitimate interests, you may object to such processing on grounds relating to your particular situation, in jurisdictions that recognise this right. We will honour your objection unless we demonstrate compelling legitimate grounds or the processing is required for the establishment, exercise, or defence of legal claims.
5. Cookies & Similar Technologies
5.1. What Are Cookies? Cookies are small text files that are placed on your device by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. "Similar technologies" refers to other tools that function like cookies, such as web beacons or pixels.
5.2. How We Use Cookies. We use cookies for the following purposes:
(a) Necessary Cookies. These cookies are essential for you to browse the Site and use its features, such as maintaining a secure session or managing your cookie consent preferences. These cookies are always active and do not require your consent.
(b) Analytics Cookies. Subject to your consent, we may use these cookies to collect information about how you interact with our Site. This helps us understand usage patterns, identify popular pages, and improve the Site’s performance and design. These cookies are disabled by default.
(c) Marketing Cookies. We do not use marketing or advertising cookies at this pre-launch stage of the Site.
5.3. Your Choices and How to Manage Cookies. You have full control over non-necessary cookies. When you first visit our Site, you will see a cookie consent banner where you can accept all, reject all, or customise your preferences. You can change your mind and withdraw your consent at any time through our Consent Management Platform (the “CMP”), accessible via the “Cookie Settings” link in the Site’s footer. Your browser settings also allow you to block or delete cookies; doing so may affect the Site’s functionality.
5.4. Global Privacy Control. Global Privacy Control (“GPC”) is a browser or extension signal that tells websites you want to opt out of tracking beyond what is necessary. Where required by law, we respect a valid GPC signal as an effective opt-out of consent for any analytics cookies on this Site. If you later choose different settings in the CMP, those settings will govern.
5.5. Cookie List. For a detailed and up-to-date list of the specific cookies we use, their purpose, and their duration, please refer to our CMP.
6. Sharing & Processors
6.1. Service providers (processors). We use third-party service providers to operate the Site and communicate with you. These providers act on our instructions under written contracts and are bound by confidentiality and data-protection obligations. Categories include: hosting and content delivery networks, email delivery services, consent-management platforms, basic analytics (if enabled), and customer-support tools.
6.2. No sale or sharing for targeted advertising. We do not “sell” personal information or “share” it for cross-context behavioural advertising at this pre-launch stage of the Site. If this changes, we will update this Policy and provide all required notices and opt-out mechanisms before any such processing begins.
6.3. Legal disclosures and protection of rights. We may disclose personal data to competent authorities or third parties where we believe disclosure is necessary to comply with law or legal process, to enforce our Terms, or to protect the rights, safety, and security of our users, the public, or the Site.
6.4. Corporate transactions. We may disclose or transfer personal data in connection with a merger, acquisition, financing, reorganisation, sale of assets, or similar corporate transaction. We will take steps to ensure the recipient honours this Policy or provides materially equivalent protection.
6.5. Aggregated and de-identified data. We may use, share, or publish aggregated or de-identified information that does not identify you, provided we take reasonable measures to prevent re-identification.
6.6. International transfers. Where sharing involves a recipient outside your jurisdiction, we implement appropriate safeguards as described in Section 7 (International Data Transfers).
7. International Data Transfers
7.1. Our Global Operations. We operate as a global business, and the service providers we use to operate our Site may be located in various countries around the world. As a result, your personal data may be transferred to, stored, and processed in countries other than your own, including the United States, which may have data protection laws that are different from the laws of your country.
7.2. Safeguards for International Transfers. We are committed to ensuring that your personal data is protected wherever it is processed. When we transfer personal data from jurisdictions with specific cross-border transfer restrictions (such as the European Economic Area, the United Kingdom, or Switzerland) to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate legal safeguards.
7.3. Transfer Mechanisms. These safeguards typically include one or more of the following mechanisms:
(a) Standard Contractual Clauses. We may implement the Standard Contractual Clauses (SCCs) as approved by the European Commission (and their equivalents for the UK, such as the International Data Transfer Agreement or Addendum) between us and the data recipient.
(b) Adequacy Decisions. We may transfer data to countries that the European Commission or the UK government have determined to provide an adequate level of data protection.
(c) Data Privacy Frameworks. For transfers to eligible companies in the United States, we may rely on their certification under the EU-U.S. Data Privacy Framework and/or the UK Extension thereto.
7.4. Further Information. You have the right to request further information about the safeguards we have in place for international transfers of your personal data. To do so, please contact us using the details provided in Section 1.
8. Retention
8.1. Principles. We keep personal data only for as long as necessary to fulfil the purposes described in this Policy or to comply with legal, accounting, or reporting obligations. When we no longer need personal data, we delete or irreversibly de-identify it.
8.2. Standard periods.
(a) Waitlist contact data (email, optional phone): until the earlier of (i) twelve (12) months after public launch of the service, or (ii) your withdrawal of consent or unsubscribe request. Unconfirmed email addresses collected for double opt-in are deleted within seventy-two (72) hours if not confirmed.
(b) Support and communications data: up to twelve (12) months after ticket closure, unless a longer period is required to handle follow-up requests or legal claims.
(c) Consent and preference records (including DOI logs): for the duration of your relationship with us plus three (3) years, for accountability and audit purposes.
(d) Security and system logs: up to twelve (12) months, unless a longer period is reasonably necessary to investigate incidents or comply with law.
(e) Server access logs: up to ninety (90) days, unless needed longer for troubleshooting or security.
8.3. Criteria. We determine retention based on the nature of the data, the risks of unauthorised use or disclosure, the purposes of processing, and applicable legal requirements (for example, statutory limitation periods).
8.4. Your choices. Where retention is based on your consent, you may withdraw consent at any time (see Section 9). We may retain limited information necessary to record that you opted out or unsubscribed.
9. Your Privacy Rights
9.1. Overview. You have certain rights regarding your personal data, which may vary depending on your place of residence. We are committed to honouring these rights. Below is a summary of the rights available under key data protection laws.
9.2. Rights for Individuals in the EEA, UK, and Switzerland. If you are located in these jurisdictions, you have the following rights under the GDPR / UK GDPR:
- (a) Right of access: The right to request a copy of the personal data we hold about you.
- (b) Right to rectification: The right to request that we correct any inaccurate or incomplete personal data.
- (c) Right to erasure (‘Right to be forgotten’): The right to request that we delete your personal data, under certain conditions.
- (d) Right to restrict processing: The right to request that we limit the processing of your personal data, under certain conditions.
- (e) Right to data portability: The right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
- (f) Right to object: The right to object to our processing of your personal data where we rely on legitimate interests as our legal basis.
- (g) Right to withdraw consent: The right to withdraw your consent at any time where we rely on consent to process your data.
- (a) Right to know and access: The right to know what personal information we have collected about you and to receive a copy of it.
- (b) Right to deletion: The right to request that we delete your personal information.
- (c) Right to correction: The right to request that we correct inaccuracies in your personal information.
- (d) Right to opt-out of sale/sharing: As stated in this Policy, we do not “sell” or “share” your personal information for cross-context behavioural advertising at this stage. If this changes, we will provide a clear mechanism to opt out.
- (e) Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights.
9.5. Right to Lodge a Complaint. If you are in the EEA or the UK, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data infringes applicable law.
10. Security
10.1. Our measures. We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include access controls, encryption in transit, network-level protections, system logging and monitoring, separation of environments, regular backups, and staff training on data protection.
10.2. Vendor security. Where we use service providers to process personal data on our behalf, we require them by contract to implement security measures that provide a level of protection at least comparable to our own and that are appropriate to the risks of their processing.
10.3. Incident response. We maintain procedures for identifying, investigating, and responding to suspected personal-data incidents. Where required by applicable law, we will notify you and/or the relevant authority without undue delay.
10.4. Your responsibilities. You are responsible for taking reasonable steps to secure your devices and communications, including using up-to-date software and applying standard security precautions when sharing information online.
10.5. No absolute security. No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect personal data, we cannot guarantee absolute security.
11. Changes to This Privacy Policy
11.1. Our right to update. We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
11.2. Notice of changes. If we make material changes, we will provide you with reasonable advance notice by posting the updated Policy on the Site and, if you are on our waitlist, by sending a notification to the email address you provided. We encourage you to periodically review this Policy for the latest information on our privacy practices.
11.3. Effective date and acceptance. The "Effective Date" at the top of this Policy indicates when it was last revised. Your continued use of the Site after the new Effective Date constitutes your acknowledgment of the updated Policy. Where required by applicable law, we may seek your active consent to certain changes.
12. Language and Official Version
12.1. Governing language. Although this Privacy Policy may be translated into other languages, the governing language of this Privacy Policy is English.
12.2. Official version and location. The official, legally binding version of this Privacy Policy is the English-language version published on our Site at the following URL: https://meetris.com/en/privacy.
12.3. Updates and responsibility to review. You are responsible for regularly reviewing the URL in Section 12.2 for updates. We are not responsible for the accuracy or completeness of any version of this Privacy Policy obtained from a source other than our Site. Any printed or downloaded copies are for your personal reference only and may not be current.
