1. Introduction

This Privacy Policy explains how Quartz Matrix S.R.L. (“Quartz Matrix”, “we”, “our”, “us”) collects, processes, and safeguards data obtained through integrations with Meta Business Pages and LinkedIn Business Pages. Quartz Matrix is committed to ensuring the confidentiality, integrity, and security of all data processed through its systems, in compliance with applicable data protection regulations including the General Data Protection Regulation (GDPR) and other relevant legislation.

2. Roles and Responsibilities (Controller & Processor)

Depending on the context of processing, Quartz Matrix may act as:

• Data Controller – when processing business page analytics and insights for its own internal marketing analysis and reporting purposes.
• Data Processor – when processing business page data on behalf of authorized client organizations, strictly following documented instructions.

In all cases, processing activities are limited to clearly defined purposes and authorized access.

3. Data Collection and Sources

We collect business page data exclusively from Meta Business Pages and LinkedIn Business Pages through their official Application Programming Interfaces (APIs). This data is sourced directly from these platforms and includes:

• Page performance metrics and analytics
• Engagement statistics (impressions, clicks, reactions)
• Post-level insights and audience demographics
• Business page administrative information
• Publicly available company information

All data collectors occur only with proper authorization and consent from the respective Meta and LinkedIn business account administrators. To provide up-to-date reporting, the Application may retrieve organization/page analytics and post insights periodically (for example, daily or weekly), limited to the specific pages authorized by the organization's designated users and subject to applicable platform permissions and terms.

3. Purpose of Data Processing

We process business page data for the following specific purposes:

• Creating comprehensive business intelligence dashboards and analytics
• Analyzing business performance metrics and trends
• Creating data visualization reports for internal reporting and analysis
• Supporting strategic decision-making and marketing analysis
• Optimizing social media content performance
• Measuring return on investment (ROI) for social media initiatives

Data is processed solely for these stated purposes and is not used for any other commercial or third-party purposes without explicit written consent.

4. Legal Basis for Processing

Our processing of data obtained through Meta and LinkedIn APIs is based on the following legal grounds:

• Legitimate Business Interests: We process data to optimize business operations and improve marketing effectiveness
• Compliance with API Terms of Service: We operate strictly within the terms and conditions established by Meta and LinkedIn
• Explicit Consent: Where required, we maintain records of express authorization from business account administrators

5. Data Access and Scope

Data access is limited to authorized personnel within Quartz Matrix who require access to perform their designated functions. We restrict API access to:

• The specific Meta Business Pages and LinkedIn Business Pages explicitly authorized by account administrators
• Only the minimum data fields necessary for our stated analytical purposes
• APIs provided through official Meta and LinkedIn developer channels

We do not request, store, or process personal data of individual end-users from Meta or LinkedIn platforms. Our focus remains exclusively on aggregated business page metrics and administrative information.

6. Data Storage and Retention

• Storage Location: Data is processed and stored in secure cloud-based database and spreadsheet systems used for reporting and analytics (for example Google Looker Studio and related Google Cloud services)
• Retention Period: Business page data is retained for no longer than 24 months unless a longer retention period is justified by business requirements and communicated in advance
• Data Archival: Historical data may be archived for compliance and reference purposes, with access restricted to authorized personnel only
• Deletion Procedures: Upon request from authorized organization representatives, we will delete all stored data within 30 days

Revocation of API permissions via Meta or LinkedIn automatically terminates further data collection.

7. Data Security Measures

We implement comprehensive technical and organizational security measures to protect data integrity and prevent unauthorized access:

• Secure API credentials management with regular rotation and monitoring
• Cloud storage access restrictions with role-based permissions
• Encryption in transit through HTTPS protocols
• Regular security assessments and vulnerability monitoring
• Restricted network access and firewall protection
• Employee training on data handling and security best practices
• Incident response procedures for potential data breaches

8. Third-Party Processing and Data Transfers

We may use trusted third-party service providers (including cloud hosting providers and cloud-based spreadsheet/database tools) to store and process data on our behalf. These service providers are bound by appropriate security agreements and data processing commitments.

All third-party service providers are carefully selected and required to maintain security standards consistent with our own practices. Data is not transferred to any other platforms, services, or organizations beyond necessary service providers without explicit written authorization from the business account administrators.

We recommend that users review the privacy policies of any cloud service providers we utilize, as their processing of data is governed by their respective terms.

9. API Compliance and Platform Terms

We acknowledge and comply fully with:

• Meta Requirements: All data collection adheres to Meta's API Terms of Service, Graph API policies, and current API version specifications
• LinkedIn API Terms: Our implementation respects LinkedIn's API Terms of Use and data access agreements
• Platform Data Restrictions: We honor all platform-specific restrictions on data usage, including prohibited uses and access limitations
• Regular Updates: We monitor API version changes and maintain compliance with the most current platform requirements

10. User Rights and Data Subject Rights

We support privacy rights requests in line with applicable law. For clarity, requests may come from:

• Authorized Organization Users: Individuals authorized by the organization that owns the relevant Meta or LinkedIn business page (for example, designated marketing or social media contacts) who have granted this Application access to page data.
• Data Subjects (Individual Requests): Individuals whose personal data may be included in the data we process (if any).

Requests from Authorized Organization Users (organization-level):

• Access: Request a copy of page-related data stored by the Application for the authorized pages.
• Correction: Request correction of inaccurate records maintained by the Application (where correction is technically feasible and appropriate).
• Deletion: Request deletion of page-related data stored by the Application for the authorized pages.
• Withdrawal / Revocation: Withdraw authorization for continued collection and processing by revoking access through the Application and/or the relevant platform settings.
• Data portability (where technically feasible)

Requests from Data Subjects (individual-level):

• Access, rectification, erasure, objection, restriction, and portability may be available depending on the nature of the data processed and applicable law.

Requests should be submitted in writing to the contact details in this Privacy Policy and must include enough information for verification of identity and authority (where applicable). We will respond to valid requests within 30 days.

11. Contact Information

For questions, concerns, or requests related to this Privacy Policy or our data handling practices, please contact us at:

Email: [email protected]
Physical Address: B-dul. Carol I nr. 5D, Iași, 700506, jud. Iași
Response Time: We endeavor to respond to all inquiries within 10 business days

12. Policy Updates and Changes

We may update this Privacy Policy periodically to reflect changes in our operations, regulatory requirements, or API platform specifications. Any material changes will be communicated in advance to business account administrators. Continued use of our services following policy updates constitutes acceptance of the revised terms.

13. Dispute Resolution and Complaints

Should any disputes arise regarding data handling or privacy practices, we commit to working collaboratively toward resolution. Individuals or business account administrators may escalate concerns through our contact channels above.

Data Protection Authority: If concerns cannot be resolved through our processes, you retain the right to lodge a complaint with the relevant data protection authority in your jurisdiction.

14. Regulatory Compliance

This Privacy Policy demonstrates our commitment to regulatory compliance including, but not limited to:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• ePrivacy Directive
• Other applicable regional data protection legislation

Where conflicts exist between this policy and mandatory legal requirements, the most restrictive requirement prevails.

Acknowledgment: This privacy policy demonstrates our commitment to transparent, compliant, and ethical data handling practices. We recognize the trust placed in us by Meta and LinkedIn business account administrators and are dedicated to maintaining the highest standards of data protection and security.