Privacy Policy

  • Updated: 01/05/2024

Introduction

This Privacy Policy governs the practices of how Mesi (the Mesi entities as detailed in Section 2 below, referred to herein as “we”, “our”, “ours” or “us”) collects, uses, transfers, and shares personal information related to the use of our Services by our Users (referred to herein as “you”, “your”, or “yours”) in accordance with data privacy laws and regulations applicable to us and you as our User. This Policy is designed to ensure the transparent, lawful, equitable, and secure management of the personal data of our Users.

Our Privacy Policy explains what kind of personal data we gather through Services, which include services you access through Mesi websites and any other sites associated with Mesi (collectively referred to as “the Website”), Mesi applications and software developed by Mesi independently or through contractual third parties, including the Mesi App custodial wallet, web applications, mobile applications, trading platforms, and any other applications and software associated with Mesi (collectively referred to as “the Platform”) as well as all products, smart contracts, protocols and the native MESI token (“Token”). It demonstrates how and why we collect personal data, our purposes for its use, and the third parties with whom we may share it. Moreover, it explains how you as a data subject may exercise your rights in relation to your personal data.

Mesi is located in Costa Rica and operates under the jurisdiction of Costa Rican laws and regulations, including the applicable data protection laws. If you reside outside of the United Kingdom (UK), European Union (“EU”) or European Economic Area (“EEA”), your access to and use of our Services shall mean your acceptance of this Policy. However, it is important to note that certain Users may be subject to the European Union's General Data Protection Regulation (the “GDPR”) under specific circumstances. The GDPR applies to individuals (and not companies or other legal persons) who are located or residing in the EU and EEA at the time their personal data is collected or processed, regardless of the location of the company processing their data (hereinafter, the “GDRP-Covered User”). Therefore, if you are located in the EU or EEA when using our services or accessing our website, the GDPR may apply to the processing of your personal data by Mesi. If the GDPR applies to you based on the criteria mentioned above, you are entitled to certain rights under the regulation, including but not limited to the right to access, rectify, erase, or restrict the processing of your personal datain accordance with the Rights of Data Subject outlined in Section 8 of this Policy.

Should any alterations be made to this Policy (alongside other policies, including our Terms of Service), we will notify you of such changes through our official communication channels, including email, and internal notifications, as well as directly on this page.

We strongly encourage you to read this Policy in its entirety to understand the processes involving your data and your associated rights. For inquiries related to this Privacy Policy, data collection and usage, data disclosure, and sharing, or any other concerns or requests related to your personal data, please do not hesitate to get in touch with us by writing to us at contact@mesi.app.

1. Definitions

The following section covers the basic definitions used in this Privacy Policy. It describes what is meant by your personal data and who controls and processes your personal data.

Personal Data

  • Personal data means any information that relates to an identified or identifiable natural person. This includes details like names, addresses, email addresses, identification numbers, and even things like IP addresses or cookie identifiers, as well as any information found online that may reveal your physical, genetic, mental, economic, cultural or social identity.

Data Subject

  • The data subject is the person who the personal data is about. In simpler terms, it’s you or any other individual whose personal information is being collected and processed.

Data Controller

  • The data controller is the one who determines the purposes and means of processing personal data. In other words, they're the boss when it comes to deciding why and how your data is used. In this case, it would be us.

Data Processor

  • The data processor, on the other hand, processes personal data on behalf of the data controller. In our case, they are vendors and partners we collaborate with that process your personal data for purposes determined by us.

2. Mesi Entities and Relationship with You

For GDPR-Covered Users: MESI GLOBAL S.R.L. (also referred to as “Entity 1”) and [Entity #2] are joint controllers of your personal data. As such, Entity 1 acts as a primary controller, meaning that it is responsible for providing you with relevant information under the GDPR as well as responding to your requests and inquiries submitted to us.

Please see the table below for detailed information on the range of services provided to you by each of the Mesi entities and the contact information of each entity. You can see more about how you can exercise your rights as a data subject under Section 8 of this Policy.

Entity: MESI GLOBAL S.R.L.

Legal Address: San Rafael de Escazú, Del Centro Comercial La Paco, Trescientos Metros Norte, Plaza Florencia, Local Diez, 10203 San Jose, Costa Rica

Registry Code: 3-102-895361

Services Provided: Mesi social platform with all its an-chain and off-chain elements, the Mesi App, the Website and the Platform, MESI Token, including its issue and distribution

3. Information We Collect

In order to provide our Services, we need to gather information about you. Due to the decentralized nature of our Services, we strive to collect as little personal information from you as possible, minimizing it to the information strictly necessary to provide our Services. This information may be collected by various means, for example, directly from you when you reach out to us by email or through our Telegram channel, or, in some cases, through third parties, to an extent necessary to provide our Services. Below you will find information about personal data that we may collect through the aforementioned means.

We will never request information related to your racial or ethnic background, personal life, sexual orientation, political views, philosophical or religious beliefs, biometric or genetic data, or trade union membership.

Information that You Provide

This category covers content and details that you provide while accessing and using our Services. We collect the following personal information as outlined below:

Basic User Data

  • Username, Email address

Account Data

  • Profile pictures and avatars, User-generated content (profile descriptions, bios), User preferences and settings

Location Data

  • GPS coordinates, Location history, Wi-Fi access point data, IP addresses

Wallet Data

  • Wallet address

Usage Data

  • Website or Platform usage patterns, Session durations, Pages visited, Clickstream data, Error logs and crash reports

Referral Data

  • Information about new Users referred to the Platform through referral programs and partnership mechanisms

Communications Data

  • Information submitted to you through our communication channels and over the course of our communication with you through the Customer Support channels, for example, via SMS or email; Survey responses; Information submitted through chatbots.

Social Media Data

  • Social media profiles, User-generated content (posts, comments), Friends and connections, Social network activity

Information from Third Parties

In our continuous effort to provide you with our Services, we may obtain personal data from third-party partners and vendors. In case of such integration, the information collected by our partners is shared with us. We require our partners to have lawful purposes to collect, process, and use your personal data before sharing it with us. There are multiple instances in which we may collect personal information from third-party partners and vendors, which you can see in the table below.

Marketing Data

  • This data aids us in refining our marketing strategies and offering you personalized recommendations. In turn, advertisers may provide us with personal data to assess the effectiveness of advertising campaigns and optimize ad targeting. This data may include Marketing preferences, Subscriptions and newsletter preferences, Responses to marketing campaigns, Engagement with promotional materials, Conversion data, and Referral sources.

Blockchain Data

  • We may collect publicly available blockchain data to monitor and detect illegal activities, including those defined by applicable laws and regulations. This data may include blockchain transaction details, public wallet addresses, and other relevant blockchain information.

Analytics Data

  • This data includes information we receive from our analytics partners and service providers to help us gain insights into how you use and interact with our Services. Information received from such partners may include Website usage statistics, Interactions, Questionnaire and survey responses, and Age groups.

Research Data

  • In some cases, we will use the services of third-party providers to conduct research related to our Services to learn of how our Users interact with our Services, their expectations of using the Services, and User experiences. We ensure that the information we receive from such partners is always pseudonymized.

Information Collected Automatically

This type of information is collected from you without the involvement of us or our third-party partners, mainly by your access to the Website and the Platform and the use of our Services. Such information includes the following categories and examples:

Platform, Website, and Device Data

  • Device characteristics and identifiers, Device information, Operating system information, Browser type and information, IP addresses, Information about the network used, Plugin data, etc.

Activity Data

  • Clickstream information, or the information about what you click on when interacting with the Website and the Platform

Troubleshooting Data

  • Diagnostic and performance information, such as crash logs, timestamps, performance logs, error messages, etc.

Cookies Data

  • Information received from the use of cookies.

Communications

If you reach out to us directly, we may request additional information such as your name, email address, personal address, phone number, and other relevant personal details. Whenever we ask for this information during communication, we will clearly explain the reasons behind it.

Please note that we will never ask you to provide your private keys when communicating with you. You should exercise caution and responsibility regarding the handling and safeguarding of your cryptocurrency wallet's private keys. In the event of a private key loss or compromise, we cannot intervene or rectify the situation. You are solely responsible for the protection and retention of your private keys.

4. How We Use Your Data

Lawful Basis and Legitimate Interest

Our collection, use, and sharing of your personal data are founded on the basis of your explicit consent. various lawful bases, depending on the context. This typically occurs when you have reviewed our data processing purposes and willingly agreed to them. Examples include subscribing to our marketing notifications and campaigns or permitting the use of your personal information to enhance your experience while using our Services.

If you are a GDPR-Covered User, we may collect, process, use, and share your personal data on some additional legal bases other than explicit consent that are applicable under the GDPR. The following scenarios represent the circumstances in which we engage in data collection if you are a GDRP-Covered User:

Performance of a contract

  • We process your information when it is essential to perform a contract with you (for example, our Terms of Service). This encompasses situations where your data is required for processing and finalizing your orders or adhering to the terms of any other contractual agreement we have entered into with you. It also includes enforcing the terms of this Policy and other agreements, providing our Services, ensuring the quality of our Services, and offering customer service and support.

Legal Obligation

  • We use your data when there is a legal obligation that necessitates data disclosure. This occurs when compliance with legal requirements imposed by law or legal orders is mandatory.

Legitimate Interests

  • We may process your personal data when we have a legitimate interest that aligns with the operation and provision of our Services. This includes activities aimed at improving our Services, maintaining proper security measures, and preventing illegal activities related to your data. Our legitimate interests are pursued only when they do not infringe upon your fundamental rights.

Below you will find the list of purposes for which we use your data, and what lawful bases we invoke for its use.

Lawful Basis / How we use your data / Category of Personal Information

Performance of a contract

Creating your Mesi Account:

In order to ensure your access to and use of our Services and the entire functionality of the Mesi ecosystem.

  • Basic User Data, Account Data, Location Data

Providing and Maintaining Services

Managing the operation and maintenance of our Services to ensure their functionality and availability, including the availability of the Mesi ecosystem and its components, the Delegation Program, the Wallet, as well as maintenance and operability of the Platform and the Website.

  • Basic User Data, Account Data, Location Data, Wallet Data, Usage Data, Referral Data, Communications Data, Social Media Data, Marketing Data, Blockchain Data, Analytics Data, Research Data, Marketing Data, Blockchain Data, Analytics Data, Research Data, Platform, Website, and Device Data, Activity Data, Troubleshooting Data, Cookies Data

Providing Customer Support: Communicating with you for customer support, responding to your questions and inquiries via email and through social media channels, such as Telegram.

  • Basic User Data, Account Data, Location Data, Usage Data, Communications Data

Sending Service Notifications: Providing information and notifications regarding changes and updates to the Services, and important service-related information.

  • Basic User Data, Usage Data, Communications Data, Social Media Data

Sending User Notifications: Sending various communications, including notifications, reminders, and confirmations, to keep you informed about your activities involving our Services.

  • Basic User Data, Usage Data, Communications Data, Social Media Data

Ensuring Safety and Security: Promoting the safety, security, and integrity of our Services and data through protective measures and ongoing monitoring, including those aimed at preventing fraud and misuse of our Services.

  • Basic User Data, Account Data, Location Data, Usage Data, Communications Data, Platform, Website, and Device Data, Activity Data, Troubleshooting Data, Cookies Data

Legitimate Interest

Service Improvement: Continuously improving the quality, performance, and features of our Services to grow our business continuously, to implement the industry's best practices and adhere to its standards, to attract potential customers and users to use the Services.

  • Basic User Data, Account Data, Location Data, Usage Data, Referral Data, Communications Data, Analytics Data, Research Data

Research and Development: Conducting research and development activities related to our Services, including the development of new features, functionalities of the Platform, and the introduction of new products and services; to improve the functionality of our Services, to ensure the competitiveness of our Services, to grow our business and attract potential customers and users by introducing novel features and ensuring continuous development of the Services. 

  • Basic User Data, Account Data, Location Data, Usage Data, Referral Data, Communications Data, Social Media Data, Marketing Data, Analytics Data, Activity Data

Measurement and Analytics: Performing measurement and analytics to understand how our users interact with our Services, analyze user behavior, and identify user preferences, to learn how users interact with and use our Services, the Website and the Platform, to conduct studies, to develop marketing strategy and implement amendments to the Services, fixes, and new features

  • Basic User Data, Account Data, Location Data, Usage Data, Referral Data, Communications Data, Social Media Data, Analytics Data, Research Data

Ensuring Security: to ensure security of your data and Tokens, to prevent unauthorized access to your Account and irreversible loss of funds.

  • Basic User Data, Account Data, Location Data, Blockchain Data, Platform, Website, and Device Data, Activity Data, Troubleshooting Data

Personalization: Tailoring user experiences based on preferences and behaviors for personalized content and recommendations, to ensure that our users receive information and content that they opt to see, to enhance user experience and customer satisfaction.

  • Basic User Data, Account Data, Location Data, Communications Data, Analytics Data, Research Data, Activity Data, Cookies Data

Engaging Third-Party Service Providers: Engaging third-party service providers for specific tasks such as research, marketing, analytics, Website and Platform management, development and operability, and customer support.

  • Basic User Data, Account Data, Location Data, Usage Data, Communications Data, Social Media Data, Marketing Data, Blockchain Data, Analytics Data, Research Data, Platform, Website, and Device Data, Activity Data, Troubleshooting Data, Cookies Data

User Feedback: Collecting user feedback to improve our services and gather valuable insights, to gather feedback from our users to learn of errors, issues and problems arising from the use of Services, to implement fixes, to develop new features and ensure the customer satisfaction with our Services.

  • Basic User Data, Account Data, Location Data, Communications Data, Platform, Website, and Device Data, Activity Data, Troubleshooting Data

Partnerships and Collaborations: Sharing data with partners, collaborators, or affiliates for joint initiatives, promotions, or integrated services, to ensure certain functionality of our Website and Platform, to develop and grow our business.

  • Basic User Data, Communications Data, Social Media Data, Marketing Data, Blockchain Data, Analytics Data, Research Data

User Education and Manuals: Providing educational resources and materials to enhance user knowledge and promote secure service usage.

  • Basic User Data, Social Media Data, Research Data

Compliance with Our Legal Obligations

Compliance with Laws and Regulations: Ensuring compliance with relevant laws and regulations, including anti-money laundering, terrorism financing, fraud prevention, and other financial crime regulations. Ensuring that we do not deal with funds resulting from proceeds of crime, such as money laundering or terrorist financing, and do not assist in or facilitate in any manner any financial crime and other criminal activities.  

  • Basic User Data, Account Data, Location Data, Wallet Data, Usage Data, Referral Data, Communications Data, Social Media Data, Marketing Data, Blockchain Data, Analytics Data, Research Data, Platform, Website, and Device Data, Activity Data, Troubleshooting Data, Cookies Data

Record-Keeping: Maintaining records for auditing, accounting, and compliance purposes in accordance with applicable laws.

  • Basic User Data, Account Data, Location Data, Wallet Data, Usage Data, Referral Data, Communications Data, Social Media Data, Blockchain Data, Platform, Website, and Device Data, Activity Data, Troubleshooting Data, Cookies Data

Your concent

Marketing Communications: Using social media channels for the purposes of advertising, notification, and marketing.

  • Basic User Data, Account Data, Communications Data, Social Media Data, Marketing Data, Analytics Data, Cookies Data

5. How We Share Your Data

We may share the information we collect with various third parties to support and enhance our business operations.

Note for GDPR-Covered Users: Please be aware that certain service providers operate outside of the EU/EEA area. For detailed information on how your data is handled when shared with third parties located outside of the EU/EEA, please refer to the section on Data Transfers Outside EU/EEA below. This section clarifies the types of third parties with whom we share information and highlights the presence of non-EU/EEA service providers for transparency regarding data handling practices.

Vendors and Service Providers

We collaborate with vendors and service providers who assist us in maintaining and optimizing our business. These service providers encompass a range of functions, including web and mobile analytics services, advertisers, IT partners, such as hosting and software providers as well as sales and marketing products.

Credit and Financial Institutions

We may share your information with credit and financial institutions, to process your transaction and complete your orders. Payment providers collect information specifically for the purposes of processing your transaction: for further details, please kindly read the privacy policy of the respective credit or financial institution used by you. We may forward your information to credit and financial institutions in order to finalize your order; however, we never keep your payment information or use it in any way but to process your transaction.

Third-Party VASPs

In certain instances, we may share your personal information with third-party VASPs to facilitate the exchange of fiat currency to cryptocurrency as part of your transactions. For the purpose of completing the exchange of fiat currency to cryptocurrency as part of your transactions, we may share your relevant personal information with third-party Virtual Asset Service Providers (also referred to in this Policy as “VASPs”). These VASPs are integral to ensuring the successful execution of your fiat-to-cryptocurrency transactions and enabling you to start trading on the Platform. To understand how these VASPs collect, use, and protect your personal information, we recommend reviewing their respective privacy policies.

Third-Party Wallet Providers

As part of the functionality to facilitate trading activities on the Platform, we may share certain information with third-party wallet service providers. The information shared with these third-party wallet providers may include details related to your connected wallet, transaction history, account information, and other relevant data necessary for the proper functioning of trading activities and transactions.

Identity Verification Services

To ensure compliance with legal requirements under relevant law and to uphold the safety, transparency, and lawfulness of your activities, including the creation of your Account and in the event of your participation in the sale of the Token through the ITO, we utilize third-party identity verification services. By using our verification partners' services, we cross-reference the personal information you provide, or that is provided by a third party, with the information available in our verification partners' databases and/or public records.

Advertisers

In our commitment to providing you with a seamless experience, we may share certain information with advertisers who play a role in enhancing our Services. These advertisers assist us in delivering relevant content and promotions tailored to your interests. The information shared with advertisers may include user preferences, interaction patterns, engagement with advertising campaigns, and interest-based data. Our collaboration with advertisers aims to provide you with advertisements that align with your preferences and interests.

Business Partners

To jointly deliver integrated services, promotions, or joint initiatives, we may share specific information with our trusted business partners in various fields. The data shared with business partners can encompass a variety of relevant information to support our shared objectives. Any information shared is handled in compliance with data protection laws and regulations, and it is used exclusively for the purposes of delivering the intended services and enhancing your overall experience.

Law Enforcement

In exceptional circumstances and as required by applicable laws and regulations, we may share your information with law enforcement agencies and competent authorities. This is done to support investigations, maintain legal compliance, and ensure the safety and security of our Services and Users. It may be necessary in the case of court proceedings, complying with a legal order or other legal process, as well as for the purposes of financial crime, money laundering and terrorism financing prevention, if we have strong grounds to believe any natural or legal person to be involved in or associated with the said forms of crime.

Transfers, Mergers, and Acquisitions

In cases of our insolvency, bankruptcy, acquisition, transfer of ownership, sale of assets or succession, your personal information may be disclosed to the new owner, acquirer or successor of the company or other relevant third parties.

6. How Your Data Is Secured

We consider the security of your personal information to be of paramount importance. We employ a range of technical, organizational, and administrative measures designed to safeguard your data against unauthorized access, disclosure, alteration, and destruction. These security measures include:

Data encryption, for which we use industry-standard encryption protocols to protect data during transmission and storage. This ensures that your information remains confidential and secure.

Access controls, or making sure that your personal information is restricted to authorized personnel, partners and employees who require access for specific purposes. When these purposes are fulfilled, and the person no longer needs your data to perform their responsibilities, we may revoke access to your personal information to avoid its use for illegitimate purposes or purposes not related to the provision of services to you. Access controls and authentication mechanisms are implemented to verify and restrict access.

Employee training, which ensures that our staff is trained in matters related to data security and that they handle your information with care and adhere the terms of this Privacy Policy and all the relevant data protection laws and regulations.

Data backups, which we perform to prevent data loss in case of unexpected events or system failures. In addition to that, we have established incident response procedures to promptly address and mitigate any security incidents or breaches, should they occur.

The nature of blockchain technology itself, which inherently provides transparency, immutability, and decentralization.In other words, your transactional and personal data is stored securely across multiple nodes, reducing the risk of unauthorized alterations or data breaches.

Granting you control over your data, meaning that as a User, you maintain control over your personal information through your Account and additional security settings available to you through the interface.

Conducting regular audits and updates to identify and mitigate potential vulnerabilities or weaknesses in the Website’s and the Platform's infrastructure.

Data minimization, which means that we collect and store only the minimum amount of personal information necessary to facilitate your transactions and provide our Services. Unnecessary data is not retained, reducing the potential impact of any security incidents.

User education, meaning that we actively provide resources and guidance to educate you about the nature of our Services and blockchain technology in general, blockchain security best practices, and the responsible management of private keys and cryptocurrency assets. In the long term, this self-awareness helps you understand and protect your data.

If you ever have concerns about the security of your data, suspect any unauthorized activity, or would like to know the specific measures undertaken to secure your personal data, please don't hesitate to contact us via email at contact@mesi.app

7. Data Retention

Your personal information is held and stored securely for the duration of your active account with us. We are committed to retaining your personal information only for the period necessary to fulfill the specific purposes for which it was collected. But in any event not longer than 10 years. The retention periods may vary depending on the type of personal information and the purposes for which it was initially gathered. Here's an outline of our data retention practices.

Category / Retention purposes and periods:

Legal obligations

Personal information related to our legal obligations, such as compliance with anti-financial crime and anti-money laundering laws and regulations, may be stored for as long as necessary by these legal requirements.

Marketing contact information

Contact information used for marketing purposes is retained only for the duration of your consent. If you decide to withdraw your consent, this data is promptly deleted from our records.

Correspondence with us

Correspondence with us may be retained for a period of up to five years. This ensures that we can maintain accurate records for quality assurance, dispute resolution, and compliance purposes.

Technical information

Information collected through technical means, such as cookies and analytics, is retained for a period of up to one year. This data assists us in improving the performance and functionality of our services and enhancing your overall experience.

Transaction history

Transaction records, including details of cryptocurrency transactions and smart contract interactions, may be retained for a period of up to five years to ensure transparency, auditability, and dispute resolution. These records help users track their transaction history and support the integrity of the blockchain network.

Smart contract data

Data related to smart contracts executed within the Network may be retained indefinitely on the blockchain for transparency and verification purposes. Smart contract data is typically accessible and immutable as per the nature of blockchain technology.

User preferences

User preferences and settings, such as language preferences or interface customization, may be stored for as long as necessary to maintain a personalized user experience. This data allows users to have a consistent and tailored interaction with the Services.

Error and debug logs

Logs of errors and debugging information may be retained for a period of up to three years to identify and resolve technical issues. These logs support the continuous improvement and maintenance of the Website's and Platform’s functionality.

Consent records

Records of user consents, particularly in the context of data processing, are retained for as long as the consent is valid plus five years after its withdrawal. These records help verify that users have provided informed consent for specific data processing activities and comply with the relevant legal requirements imposed on us.

Blockchain metadata

Metadata associated with blockchain transactions, such as timestamps and block numbers, may be retained as part of the blockchain's permanent ledger.

Security and Access Logs

Logs of user access and security-related events, such as login attempts and authentication records, may be retained for security monitoring and threat detection purposes for the period of up to five years. These logs help protect the user accounts from unauthorized access and breaches.

8. Your Rights as Data Subject

As a User of our Services, you have certain rights regarding the personal data that we collect and use. These rights are designed to provide you with control and transparency over your data. The following are your rights as a data subject:

Right to Access: You have the right to request access to the personal data we hold about you. This includes the right to obtain confirmation of whether we are processing your personal data and, if so, access to specific details of that processing.

Right to Rectification: If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request the correction or completion of such data.

Right to Erasure (Right to Be Forgotten): You have the right to request the deletion of your personal data under certain circumstances. This right is not absolute and may be subject to legal requirements or legitimate interests that override your request.

If you are a GDPR-Covered User, note that there are some additional data subject rights that apply to you and which you may exercise at any time:

Right to Restriction of Processing: You can request the restriction of processing of your personal data in certain situations. This means that we will limit the way in which we use your data, but we may continue to store it.

Right to Data Portability: In some cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.

Right to Object: You have the right to object to the processing of your personal data, including for direct marketing purposes or when we rely on legitimate interests as our legal basis for processing.

Rights Related to Automated Decision-Making and Profiling: We commit to transparent and fair automated decision-making processes. If you are subject to automated decision-making that produces legal effects or significantly affects you, you have the right to request human intervention and reconsideration of the decision.

Exercising Your Rights

To exercise any of the rights outlined above or if you have any questions or concerns regarding the processing of your personal data, please contact us via our official communication channels. Our dedicated personnel will assist you in addressing your data-related inquiries and ensuring that your rights as a data subject are respected and upheld.

You will not be charged a fee for accessing your personal data or exercising any of the rights outlined above. In the rare event that your request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee. This fee, if applicable, will be based on the administrative costs associated with processing your request. Alternatively, we may choose to refuse to comply with your request in these exceptional circumstances. If such a situation arises, we will provide a clear and transparent explanation for our decision. Please note that we will always act in accordance with applicable data protection laws and regulations when assessing the reasonableness of any fees or the validity of requests.

We are committed to responding promptly to legitimate requests regarding your personal data. The statutory period for us to reply to such requests is one month from the date of receipt. However, in situations where the request is particularly complex or there is a high volume of requests, we may extend this period by up to two further months as necessary. This extension will be based on a careful consideration of the complexity and number of requests received.

In addition to the means of exercising your rights outlines above, you have the right to lodge a complaint about our practices with the competent authorities of the country where you reside:

  • If you reside in the EU/EEA, the UK, or Switzerland, you have the right to lodge a complaint with the data protection authority of your country.  You can find the list of data protection authorities of the EU and EEA countries with contact details here: https://dataprivacymanager.net/list-of-eu-data-protection-supervisory-authorities-gdpr/. In the UK, the supervisory authority is the Information Commissioner’s Office, see the ICO’s official website for more detailed information at https://ico.org.uk/.

  • If you reside outside of the EEA, the UK, or Switzerland, you may turn to your local supervisory authorities for lodging a complaint about our privacy practices.

9. Cookie Policy

What is a cookie?

We use cookies on our website to gather information about our users' interaction with our Services. Information we collect via cookies may include your use of the Website and Platform features, the frequency of your visits, your interaction with the functionalities of the Services, and other relevant information.

Cookies are small pieces of text sent by your web browser when you visit our Website. Cookies may store user preferences and other information. Cookies provide a convenience feature to save you time or tell the Web server that you have returned to a specific page. A cookie file is stored in your web browser and allows the Service or a third party to recognize you and make your next visit easier and the Service more useful to you. For instance, Upon visiting the Platform, Google Stats will track the Platform’s performance and assess online advertising effectiveness, but only when you access the Website.

Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

In addition to persistent and session cookies, cookies can be categorized into first-party and third-party. Cookies set directly by us are called “first-party cookies”. Cookies set by parties other than the website owner are called “third-party cookies”. Third-party cookies enable third-party features or functionality to be provided on or through the website.

When accessing the Website, you will be asked to confirm your choice regarding cookie preferences, such as what cookie categories you wish to accept and which cookies you want to decline, or a choice to decline all cookies altogether. If you choose to accept all or some of these cookies, please note that the following information contained in this Section relates to cookies used on our Website and the Platform only and does not apply to any other pages and websites that may be hyperlinked to our Website. To read more about the categories of cookies used on our Website, please refer to the next subsection. For more general information about cookies and their use, you may visit http://www.allaboutcookies.org/.

Types of Cookies We Use

We use the following types and categories of cookies on the Website:

Essential cookies, which are strictly necessary for the proper functioning of the Website and provide basic functionalities such as page navigation and access to secure areas of the website.

Functional cookies, which are used to enhance website functionality and provide personalized features. For example, these cookies may remember user preferences and settings.

Performance cookies, which are used to collect information about the Website’s performance, for example, how visitors use the website, which pages they visit most often and if they encounter any error messages.

Targeting or marketing cookies, which are used to deliver advertisements and marketing campaigns to you and deliver more personalized service. There cookies may be set by us directly as well as by our third-party partners that help us carry out marketing campaigns and allow us to deliver personalized and more tailored marketing information to you. If you opt-in to use these cookies, information you provide to us regarding your marketing preferences will be collected by us and added to your marketing profile to deliver more targeted advertisements and provide content that is relevant to you. In addition, we will use this information to measure the effectiveness of our advertising and marketing campaigns.

Analytics cookies, which are used to gather information about the Website usage and traffic patterns. This data is aggregated and anonymous, helping us understand how visitors interact with the Website and the Platform, gather statistical information, and use it to improve the quality and relevancy of our services.

How You May Control and Delete Cookies

Alternatively, you may choose to block all cookies by accessing the relevant feature in the browser you use to access the Website. Blocking cookies can be done in various ways, depending on the browser and device you're using: to learn about how you can block cookies through the browser of your choice, please visit the settings page of your browser or the dedicated help page.

Please note that if you choose to block all cookies or opt out of their use altogether, some of the functionalities of our Website may become unavailable to you, and we will not be able to provide you with the full range of features and services.

10. Data Transfers Outside of the EU/EEA

If you reside in the EEA, the UK, or Switzerland, this section is relevant for you. As some of our business partners, vendors, and service providers are located outside of the European Union or European Economic Area, we may need to transfer your personal data to countries outside of the EU/EEA zone.

We take stringent measures to ensure that such transfers are conducted in compliance with applicable data protection laws and that your data remains adequately protected.

Transfers to and from Processors in Countries with Adequacy Decisions

Some of our data processing activities may involve transfers to and from data processors located in countries that have received adequacy decisions from the European Commission. Adequacy decisions confirm that these countries provide a level of data protection that is deemed equivalent to EU/EEA standards. When such transfers occur, your data is adequately protected by the recipient's legal framework.

Transfers from and to Other Countries

In cases where data is transferred to countries that do not have adequacy decisions or other recognized mechanisms, we utilize Standard Contractual Clauses (SCCs) as provided by the European Commission. SCCs are a set of contractual terms and conditions approved by the European Commission, providing a framework for the lawful transfer of personal data that imposes data protection obligations on both parties involved in the data transfer and ensuring that your data remains protected according to EU/EEA standards. These clauses include provisions that require the recipient to provide an adequate level of data protection.

11. Policy Changes and Contact Details

We may periodically update this Privacy Policy to reflect changes in our data processing practices, legal requirements, or to improve transparency and clarity. When we make significant changes to this policy, we will notify you through the Website interface as well as via email associated with your account as soon as the changes are implemented. These notifications will provide a summary of the changes and a link to the updated Privacy Policy for your review.

For any inquiries, requests, or concerns related to this Privacy Policy or our data processing practices, you may always submit written notifications at contact@mesi.app —we’ll be happy to answer your questions.