Metis Cyberspace Technology S.A.
Last Updated: Nov. 2025
1. Introduction
Metis Cyberspace Technology S.A. (“Metis”, “we”, “us”, or “our”), a company incorporated in Greece, operates a Software-as-a-Service (SaaS) platform that enables shipping companies and vessel operators to monitor and evaluate the operational and environmental performance of their vessels.
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have in relation to it. It applies to all users of the Metis platform and to any individuals whose personal data we process in connection with our services.
We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and any other applicable national or international data protection legislation.
If you have any questions about this policy, please contact us at:
- Email: dpo@metis.tech or info@metis.tech
- Address: Metis Cyberspace Technology S.A., Isminis 59, Kallithea 17675, Athens Greece
2. Who This Policy Applies To
This policy applies to:
- Platform users: Employees or representatives of our customers who are granted access to the Metis platform. There is no public self-registration process; all user accounts are created and managed offline.
- Customer contacts: Representatives of shipping companies or vessel operators with whom we have a contracted relationship.
We do not collect personal data from vessel crew members. The operational data collected onboard vessels relates to vessel and equipment performance, not to individual persons.
3. What Personal Data We Collect
3.1 Platform User Data
When a user account is created for the Metis platform, we collect and process the following personal data:
- Identity data: First and last name
- Contact data: Work email address
- Professional data: Job title and organisational role
- Usage data: Login activity, platform interactions, features accessed, and session logs
3.2 Vessel & Operational Data
As part of our core service, we collect performance and operational data from onboard sensors and connected systems, as well as from third-party sources. This data relates to vessels, not individuals, and includes:
- Engine and machinery performance telemetry
- GPS and AIS positional data
- Fuel consumption metrics
- Environmental and emissions data (e.g. CO₂, SOx, NOx)
We also obtain data from third-party providers such as AIS data aggregators, weather services, and port databases, to enrich vessel performance analysis.
3.3 Data We Do Not Collect
We do not collect:
- Crew member personal data or crew identifiers
- Payment or financial data (contracts and billing are handled offline)
- Sensitive personal data (as defined under GDPR Article 9)
- Data from public website visitors (there is no online registration or e-commerce process)
4. How We Use Personal Data
We use personal data only for the purposes described below, and only where we have a lawful basis for doing so under GDPR.
| Purpose | Data Used | Lawful Basis |
| Providing and operating the Metis platform | User identity, contact, and usage data | Performance of a contract (Art. 6(1)(b)) |
| Managing user accounts and access control | Name, email, job title | Performance of a contract (Art. 6(1)(b)) |
| Customer support and troubleshooting | Usage logs, contact data | Legitimate interests (Art. 6(1)(f)) |
| Platform security and fraud prevention | Usage and activity logs | Legitimate interests (Art. 6(1)(f)) |
| Improving platform features and algorithms | Anonymised operational and usage data | Legitimate interests (Art. 6(1)(f)) |
| Communicating service updates or changes | Work email | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations | As required | Legal obligation (Art. 6(1)(c)) |
We do not use personal data for advertising, profiling for marketing purposes, or any automated decision-making that produces legal or similarly significant effects on individuals.
5. Data Retention
We retain personal data for as long as the relevant customer subscription is active and the user account remains in use.
Upon termination of a customer’s subscription:
- Personal data (user names, emails, role information) will be deleted or anonymised within a reasonable period following the end of the subscription, unless we are required to retain it longer to comply with a legal obligation or to resolve a dispute.
- Vessel operational data may be retained in anonymised form beyond the subscription period for the purpose of training and improving our algorithms and analytical models. Once anonymised, this data can no longer be linked to any individual or customer and is no longer subject to this Privacy Policy.
6. How We Share Personal Data
We do not sell personal data. We share personal data only in the following circumstances:
6.1 Sub-processors and Service Providers
We engage third-party service providers who process personal data on our behalf in order to operate our platform. These sub-processors are bound by data processing agreements and are permitted to use personal data only as instructed by us. Our sub-processors include providers in the following categories:
- Cloud infrastructure: Hosting and storage of platform data
- Analytics tools: Platform performance monitoring and usage analytics
- Email and communication tools: Sending service notifications and support communications
- Third-party data providers: AIS data and other maritime data sources used to enrich vessel performance analysis
6.2 Legal Requirements
We may disclose personal data where required to do so by law, court order, or at the request of a competent regulatory or government authority, provided such request is valid under applicable law.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the relevant third party as part of that transaction. We will notify affected individuals as required by applicable law.
6.4 Within the Metis Group
Personal data may be shared among Metis-controlled affiliates and subsidiaries for the purposes described in this policy.
7. International Data Transfers
Metis is based in Greece (EU/EEA). Some of our sub-processors may be located outside the EU/EEA. Where we transfer personal data to countries that do not offer an equivalent level of data protection, we ensure that appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses (SCCs), or we rely on an applicable adequacy decision.
You may request further information about international transfer safeguards by contacting us at dpo@metis.tech or info@metis.tech.
8. Cookies and Tracking
The Metis platform may use cookies or similar technologies to support session management, authentication, and platform functionality. We do not use cookies for advertising or third-party tracking purposes.
We may use limited analytics tools to understand how the platform is used, in order to improve functionality and user experience. Where required by law, we will request your consent before setting non-essential cookies.
9. Data Security
Metis takes the security of personal data seriously. We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include, but are not limited to:
- Encryption of data in transit and at rest
- Access controls and role-based permissions
- Regular security reviews and monitoring
- Contractual security obligations on all sub-processors
No method of transmission over the internet or electronic storage is entirely secure. In the event of a personal data breach that is likely to result in a risk to individuals’ rights and freedoms, we will notify the relevant supervisory authority and, where required, the affected individuals, in accordance with GDPR obligations.
10. Your Rights Under GDPR
If you are located in the EU/EEA (or another jurisdiction with equivalent data protection rights), you have the following rights in relation to your personal data:
- Right of access: You may request a copy of the personal data we hold about you.
- Right to rectification: You may ask us to correct inaccurate or incomplete personal data.
- Right to erasure: You may ask us to delete your personal data, subject to certain conditions and legal obligations.
- Right to restriction of processing: You may ask us to restrict the processing of your data in certain circumstances.
- Right to data portability: You may request that we provide your data in a structured, commonly used, machine-readable format.
- Right to object: You may object to processing based on our legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at dpo@metis.tech or info@metis.tech. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority. In Greece, this is the Hellenic Data Protection Authority (HDPA) — www.dpa.gr.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data practices. When we make material changes, we will notify affected users via email or through a notice within the platform. The date at the top of this policy indicates when it was last updated.
12. Contact Us
For any questions, requests, or concerns relating to this Privacy Policy or the way we handle your personal data, please contact:
Metis Cyberspace Technology S.A.
- Data Protection: dpo@metis.tech
- General enquiries: info@metis.tech
