GDPR & Compliance
Last updated: May 4, 2026
Our Commitment
Metrichain is committed to full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR). This statement explains our data protection obligations and practices in detail, both as a data controller and as a data processor acting on behalf of our clients.
Our Roles Under GDPR
- Data Controller: Metrichain acts as a data controller for personal data collected through our website (visitor analytics), contact forms, and our own marketing activities. We determine the purposes and means of processing for this data.
- Data Processor: When running outreach campaigns on behalf of clients, Metrichain acts as a data processor. The client is the data controller for prospect data used in their campaigns. We process that data only on the client's documented instructions.
Data Processing Agreement (DPA)
All clients whose campaigns involve the processing of personal data on their behalf are entitled to a signed Data Processing Agreement (DPA) in accordance with GDPR Article 28. To request a DPA before your campaigns commence, contact us at info@metrichain.com.
Sub-Processors
To deliver our services, Metrichain engages the following categories of sub-processors. All sub-processors are bound by contractual obligations to process data only as instructed and to implement appropriate security measures:
- Cloud hosting and infrastructure providers
- Email sending and deliverability platforms
- CRM and client relationship management tools
- Prospect data enrichment and verification services
- Analytics and reporting tools
Clients may request an up-to-date list of specific sub-processors by contacting info@metrichain.com.
International Data Transfers
Metrichain processes data within the European Union where possible. Where transfers to third countries occur — for example through the use of internationally-operated platforms — we ensure that appropriate safeguards are in place, including the European Commission's Standard Contractual Clauses (SCCs) as required by GDPR Chapter V.
Lawful Basis for B2B Cold Outreach
Metrichain conducts outreach on behalf of clients using legitimate interest as the lawful basis under GDPR Article 6(1)(f).
We apply a three-part balancing test for each campaign:
- Purpose test: Is there a genuine legitimate interest? Yes — B2B prospecting is a recognised legitimate commercial activity. Contact details are business email addresses held in a professional capacity.
- Necessity test: Is processing necessary? Yes — direct outreach is the most targeted way to reach the right decision-makers, and we use minimum necessary data (name, job title, work email).
- Balancing test: Does the interest override the data subject's rights? In a B2B context, individuals receive outreach in their professional role. Every email includes a clear, one-click opt-out, and removal requests are honoured immediately and permanently.
We do not conduct B2C outreach or target individuals' personal email addresses.
Recipient Suppression
Every email sent through Metrichain's infrastructure includes a clear unsubscribe mechanism. When a prospect opts out:
- They are removed from all active campaign sequences immediately.
- Their contact is permanently suppressed across all current and future campaigns for that client.
- The suppression record is retained indefinitely to prevent re-contact.
- Removal requests sent directly to info@metrichain.com are honoured within 24 hours.
Data Subject Rights
Any individual whose personal data we process — whether as a website visitor, a contact form submitter, or a prospect in a client campaign — has the following rights under GDPR:
- Right of access to their data
- Right to rectification of inaccurate data
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object to processing
To exercise any of these rights, submit a request to info@metrichain.com. We will respond within 30 days. Where a request relates to data processed on behalf of a client, we will direct the request to the relevant data controller.
Data Protection Contact
For GDPR inquiries, DPA requests, or data subject rights submissions:
Metrichain
Konstitucijos pr. 7A, Vilnius, Lithuania
info@metrichain.com
You also have the right to lodge a complaint with the State Data Protection Inspectorate of Lithuania (vdai.lrv.lt) or with the supervisory authority in your country of residence.