Privacy policy

This policy will give you information about how we look after your personal data when you visit our website (regardless of where you visit it from). The policy also tells you about your privacy rights and how the law protects you. This document will also provide you with specific information on how we collect, store, use and share your personal data we collect.

Who We Are?

Metta Play is made up by different legal entities spread around the world. This privacy policy is issued on behalf of all the companies making Metta Play. The words “we”, “us” or “our” in this policy, are referring to each and every single entity around the world integrating the Metta Play Group.

How can you contact us?

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this policy, please contact our DPO at:

Valor Legal Advisors

111 Congress Avenue, Austin, Texas
United States of America (78701)

Att: Data Protection Officer

Or by email:

Please include your name and if you know it, the relevant entity within the Metta Play Group of companies. If you don’t have that information, it’s ok and we will then treat your request as if the question relates directly to Metta Play USA.

You can make changes to your information we receive and collect from you by opting out to provide it to us in the settings console when you enter our website. If you wish to unsubscribe from newsletters or marketing emails you will be able to do so via the link provided in those emails. If you wish to delete cookies placed, our cookie policy will help show you how to do that (more on that later in the Policy under Cookies).

At any point while we are in possession of or processing your personal data, you have the following rights:

  1. Right of access – you have the right to request a copy of the information that we hold about you.
  2. Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  3. Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. If we are legally obligated to keep the information or if it is impossible or unproportionate, we won’t delete it but we will only keep it for as long as it is needed and we have time limits on our data systems.
  4. Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  5. Right of portability – you have the right to have the data we hold about you transferred to another organization.
  6. Right to object – you have the right to object to certain types of processing such as direct marketing.
  7. Right to object to automated processing, including profiling – you also have the right not to have a computer make decisions about you directly (this doesn’t include general marketing based on your age or gender).
  8. Right to judicial review – if we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain.

One thing to bear in mind before contacting us: Our sites may contain links to other sites not owned or controlled by us. It could as an example be any social media platforms/services. We are not responsible for the privacy practices of those sites, so if you have questions regarding such sites, you need to contact the site directly. We also really encourage you to be aware and read the privacy policies of other sites because they may very easily be collecting, storing, using, and sharing your personal information.

If you feel we are not complying with any of the applicable regulations, you can always reach out to us to file a complaint. We have a Global Data Protection Officer who will take your complaint very seriously. You can contact our GDPO at We will reach out to you and follow a procedure to accurately identify you so we can provide you with the best customer service.

You always have the right to complain to the authorities as well, but because we take privacy matters very seriously, we would really appreciate it, if you would talk to us.

You can complain about:

  1. how your personal data has been processed;
  2. how your request for access to data has been handled;
  3. how your complaint has been handled;
  4. appeal against any decision made following a complaint.

How do we process your info?

We take your privacy seriously, so we’ll only ask for the information we need to have so we can give you great service.

Whenever we collect customer data, we make sure:

  • We ask for permission to collect the data
  • We only use the data for the agreed reason and for the time it’s needed
  • We will, as a minimum, meet the local data protection laws in the country where we provide you with a service via our website or our applications.
  • We keep data that we’re legally required to have on record
  • We explain why we need the data and how we’ll use it (unless we have legitimate reason not to)
  • We check and update privacy information on a regular basis (we might also cross-check the data against another database to make sure it’s correct)
  • We don’t share data with anyone unless we have a legal or legitimate reason, or we have permission from you or if you are a child under 16 from your parents.

What type of info do we collect?

We collect your personal and anonymous information from you when you visit our site/s on our domain When you visit our online channels, you’ll be able to check if we’re collecting data under terms and conditions of the site.

We also receive information via third parties when you visit our page on social media sites or channels (e.g Facebook, Instagram, etc).

What types of personal information do we collect?

When you’re visiting any of these online channels, we may collect:

  • Registration information that we use to help you set up an account (e.g. your name, country, gender, date of birth, email address, username and password).
  • Payment or transactional information that we use when you buy products or use online services (e.g. postal address, phone number or credit card number).
  • Location information or your IP Address that we use to give you relevant online content.

Why we need to process personal data?

In legal terms, the way we ‘process data’ describes how we collect, store, use, share and delete the data we receive from customers. When you share your personal information with us on our online channels, we’ll process your data as described in this Privacy Policy.

As we’re offering our products through different retailers around the world, we need to process personal customer data, so that:

  • Customers can buy products from any of our retiling partners
  • Customers can request information about our products
  • Customers can share information on social media
  • We can send customers any information they’ve asked us for or answer their questions
  • We can ask customers to give us feedback on our services through questionnaires and surveys
  • We can provide our customers with relevant marketing information about our products.

Always keep in mind that if you’re accessing our site through a third-party channel like a social media media such as Facebook or Instagram, your personal data may also be processed by that third-party according to their own privacy processes.

How do we process personal identifiable information?

When you visit our online channels or when you use third-party sites or platforms, we use technology such as cookies, flash cookies, pixels and web beacons to process your personal data.

Please visit our Cookie Policy (below) for more information, including information about how to delete cookies places on your device and how to prevent them from being put there in the first place.

Be mindful that if you do enable a prevent cookies functionality on your device, some of our services and functionalities on the site will no longer work.

We also collect information from other trusted sources, so we can update or add to the personal information we’ve collected ourselves.

How do we share your info with Metta Play's subsidiaries?

Our subsidiaries or affiliates may sometimes need to access your information to provide services to you on our behalf. Because we care about your privacy, we have decided to implement the same privacy protection all over the world, so you can feel safe no matter which of our related entities is using your data. Legally, our other entities will then be acting as ‘data processors’ and will be subject to data processing laws. They need your personal data so they can:

  • Deliver products and services you’ve requested
  • Get in touch with you about your account or transactions
  • Send you information about our sites, applications, and policies
  • Send you any newsletters you’ve signed up for (you can unsubscribe at any time)
  • Process information that the subsidiary is formally contracted to process on our behalf
  • Identify, review, and stop any activities that could breach our policies or break the law

What happens if you share protected information on social media?

As our public accounts on social media can be read by everyone, any personal information you share on them can be seen publicly. If you’d like us to remove any of your personal information from public areas of the site, please email If we can’t remove your personal information for any reason, we’ll let you know why. You will need to meet the required age, legal authorization, and other conditions ruled by the social media platform to use any of their services.

Some of our websites may include social media links such as the Facebook ‘like’ button, and widgets like ‘Share this button’. If you click on any of these links, the features may collect your IP Address and record which page you were visiting at the time. The features may also use cookies so that the feature can function properly. Social media features and widgets are hosted by third parties or may be hosted directly on our website. When you’re using these features and widgets, your personal data will be processed by that third-party according to their own privacy policies.

Do we share your information with other companies?

We won’t share any of your personal information outside Metta Play except:

  • When we need to enforce the terms of use or the policies that we ask customers to agree to;
  • When we need to protect the safety, security, rights and property of our customers or third-party partners;
  • When we need to meet legal processes or if disclosure of the data is required by law;
  • When we’re asking other companies like e.g. couriers, shipping and warehouse service provides, payment providers, IT platform providers, fraud detection and prevention providers, survey providers, product catalog providers and customer service suppliers to deliver services on our behalf; We have contracts with these companies to make sure they only use your personal information for agreed services and meet legal requirements;
  • When we store your information using secure cloud storage services/facilities. We have contracts with these companies to make sure they only use your personal information for the agreed services and meet legal requirements;
  • If a merger, acquisition, or sale of assets ever meant we needed to share information with a third party. In this case we’d email you and post a notice on our website to publish the change of owner and we’d also tell you how your data would be used and give you options regarding your personal data;
  • When you’ve given us permission to share your information with third parties so they can send you information on their products and promotions;
  • When you have given us permission to share your information with third parties, so that they can provide you with marketing information and promotions regarding our products. You can opt out of such marketing activities by adjusting your cookie settings on your device.
  • When you’ve asked us to share your personal information with third-party sites or platforms. Once it’s been shared, your personal data will be processed by that third-party according to their own privacy processes

How long do we keep your personal information?

We’ll keep your personal information as long as it’s needed to provide a service, or we are legally required to do so. We have so called retention policies for each of the categories of personal information that we process.

If you’d like us to delete your data, we’ll only keep information that we need for legal reasons, to resolve disputes or to enforce our agreements.

Our Cookie Policy

Cookies are small data files that your browser places on your computer or device. A cookie itself does not contain or collect information. However, when it is read by a server via a web browser it can help a website deliver a more user-friendly service.

Like most websites, our online channels collect some information (e.g. information on IP addresses, browsers, internet service providers, referring pages, exit pages, operating systems, date stamps, timestamps and clickstream data). This information won’t be linked to any other information we collect about you unless you have given your consent that we may do this.

Both we and our third-party tracking utility partners use browser storage, app storage, cookies, pixls, beacons, scripts and tags to analyze trends, administer the site, track user movement through the site and collect demographic information about our overall user base. We may receive reports on these from our third-party tracking utility partners on an individual and aggregate basis.

How do we keep children safe on our sites?

We care deeply about making sure children are safe online and have extra privacy processes in place to make sure we’re keeping our younger fans safe when they’re using our online channels. In fact, some features have age gates so as to prevent children from inadvertently using such features. We also take all reasonable care to ensure that we don’t knowingly collect, store, use or process personal information from children who may use those features without proper parental consent.

We also follow all relevant laws for children aged between 13 and 18 and when it comes to personal data, we consider anyone under the age of 16 years a child. If you have any questions or concerns about our Privacy Policy, please contact our Data Protection Officer at

When we do process personal information from children, we take extra steps to protect their privacy including:

  • Making sure we tell parents what personal information we collect, store, use and process from their child and explaining whether we share the information
  • Meeting legal requirements by asking for parental consent to collect, use and process a child’s data and asking for consent to send their children information about our products and services
  • Limiting how we collect, store, use and process personal information from children so only data that is reasonably needed for them to take part in an online activity is collected
  • Giving parents access or the option to ask for access to personal information we’ve collected from their child – parents can also ask for their children’s personal information to be changed or deleted

Collecting and using children’s information:

While our website is intended for families and users of all ages, our products are intended to be used mainly by children. Whenever we collect personal information from a child, we only keep the information for the time we need it to provide a service or for the time it’s legally required to be kept on record.

While children can choose whether to share their information with us, there are features of our websites that won’t function if they haven’t given us their information. Where personal information is needed for features to function, we’ll only ask for information that is reasonably required to take part in the activity.

What if we accidentally collect children’s data?

If we discover that we’ve unintentionally collected information from a child in a way that doesn’t meet COPPA (Children's Online Privacy Protection Rule) requirements, we will delete the information immediately.

How do we request parental consent on our website?

If we need to collect a child’s personal information, we’ll ask for parental consent according to COPPA legal requirements. We’ll send the child’s parent or guardian an email explaining what information we’re collecting, how we plan to use it and ask the parent to give or deny their consent. If we don’t receive parental consent in a reasonable time, we’ll delete all information we’ve collected from the child including the adult’s contact information that we asked for in order to request consent.

What about our employees' info?

Whether you’re an existing employee or applying for a job with us, we’ll process specific information relevant for your employment and application. The principles in this Privacy Policy will also apply to your employment and application.

And our third-party contractors?

We define third party contractors as other companies doing business with Metta Play that are not Metta Play employees. We process information on our third-party contractors for collaboration and evaluation purposes.

Data security and integrity

The security, integrity and confidentiality of customer information is extremely important to us. We use technical, administrative and physical security measures to protect personal information from unauthorized access, disclosure, use and modification. All external transfers that contain personal information are done using encrypted technology. Credit card information is handled by approved service providers that meet PCI (Payment Card Industry) standards and have appropriate safeguards in place.

Although we regularly review our security procedures and evaluate new technology and methods to make our online channels safer, no security measures are perfect or impenetrable.

Our customers, employees and partners also play an important role in protecting information. We encourage customers to choose passwords that are difficult for others to guess and to keep their personal passwords secret.

Should you notice any flaws or concerns in our security, please contact us at as soon as possible.

If we ever experience a data breach in which customer information is at risk of being misused, we’ll contact customers according to legal requirements. If necessary, we’ll also contact data protection authorities.

Data transfers, storage and processing globally

As we are a GDPR compliant organization, for those customers within the EU territories, we will not transfer your information to any countries outside of the European Union that are not expressly considered “secure” third countries by the European Commission. Whenever your personal information is transferred, stored, or processed by us or by companies carrying out such services on our behalf, we’ll take reasonable steps to safeguard the privacy of your personal information.

We want to make sure we as a minimum use the standards of data privacy and security that follows from the European General Data Protection Regulation (“GDPR”) anywhere in the world where we collect, store, use or share your personal data. Where your local rules require more from us than that, we will adjust our practice to make sure your data is safe with us no matter where in the world you are. 


This section provides information for California residents, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”). California privacy laws require that we provide California residents information about how we use their personal information, whether collected online or offline, and this section is intended to satisfy that requirement.

Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

Categories of Personal Information that We Collect, Disclose, and Sell

Below please find the categories of personal information about California residents that we collect, sell, and/or disclose to third parties or service providers for a business purpose.

NAME, CONTACT INFORMATION AND IDENTIFIERS: Identifiers such as a real name, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address and email address.

• Do we collect? YES

• Do we disclose for business purposes? YES

• Do we sell? YES

CUSTOMER RECORDS: Paper and electronic customer records containing personal information, such as name, address, telephone number, credit card number and debit card number.

• Do we collect? YES

• Do we disclose for business purposes? YES

• Do we sell? NO

PROTECTED CLASSIFICATIONS: Characteristics of protected classifications under California or federal law such as sex and age. Any “sale” (as defined under the CCPA) of information under this category is for the purpose of enabling users to register accounts and preventing children from using certain websites, apps and services without first receiving parental consent.

• Do we collect? YES

• Do we disclose for business purposes? YES

• Do we sell? NO

PURCHASE HISTORY AND TENDENCIES: Commercial information, including products or services purchased, obtained, or considered.

• Do we collect? YES

• Do we disclose for business purposes? YES

• Do we sell? NO

BIOMETRIC INFORMATION: Physiological, biological, or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

• Do we collect? NO

• Do we disclose for business purposes? NO

• Do we sell? NO

USAGE DATA: Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement.

• Do we collect? YES

• Do we disclose for business purposes? YES

• Do we sell? NO

GEOLOCATION DATA: Precise geographic location information about an individual or device.

• Do we collect? NO

• Do we disclose for business purposes? NO

• Do we sell? NO

AUDIO/VISUAL: Audio, electronic, visual information, such as photos and videos. Whenever an activity could potentially allow a user to share Audio/Visual information, we either review the content ourselves and make sure personal information is removed or, if a child shared the content, we ask for permission from a parent or guardian to collect the data. Any “sale” (as defined under the CCPA) of this information is for the purpose of monitoring these activities and preventing this category of information from being made public.

• Do we collect? YES

• Do we disclose for business purposes? YES

• Do we sell? NO

EMPLOYMENT HISTORY: Professional or employment-related information.

• Do we collect? NO

• Do we disclose for business purposes? NO

• Do we sell? NO

EDUCATION INFORMATION: Information that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

• Do we collect? NO

• Do we disclose for business purposes? NO

• Do we sell? NO

PROFILES AND INFERENCES: Inferences drawn from any of the information identified above to create a profile about a resident reflecting the resident’s preferences, characteristics, or behavior.

• Do we collect? YES

• Do we disclose for business purposes? YES

• Do we sell? NO

California Residents’ Rights

California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.

Right to Opt-out. California residents have the right to opt-out of our sale of their personal information. Opt-out rights can be exercised by visiting our Cookie Policy or by going directly to our Cookie Settings page and deleting or preventing cookies from being used. You can also click on the “Do Not Sell My Data” link at the bottom of every webpage.

Right to Opt-In. We do not sell personal information about residents who we know are younger than 16 years old without verifiable parental consent.

Notice at Collection: We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used.

Verifiable Requests to Delete, Requests to Know. Subject to certain exceptions, California residents have the right to make the following requests, at no charge, up to twice every 12 months:

Right of Deletion: California residents have the right to request deletion of their personal information that we have collected about them, subject to certain exemptions, and to have such personal information deleted, except where necessary that we maintain such personal information in order to:

• Complete the transaction for which the personal information was collected, provide a good or service requested by the California resident, or reasonably anticipated within the context of a business’s ongoing business relationship with the California resident, or otherwise perform a contract between the business and the California resident.

• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.

• Debug to identify and repair errors that impair existing intended functionality.

• Exercise free speech, ensure the right of another California resident to exercise his or her right of free speech, or exercise another right provided for by law.

• Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.

• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the California resident has provided informed consent.

• Enable solely internal uses that are reasonably aligned with the expectations of the California resident based on the consumer’s relationship with the business.

• Comply with a legal obligation.

• Otherwise use the California resident’s personal information, internally, in a lawful manner that is compatible with the context in which the California resident provided the information.

Right to Know – Right to a Copy: California residents have the right to request a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance.

Right to Know - Information: California residents have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the:

• categories of personal information collected;

• categories of sources of personal information;

• business and/or commercial purposes for collecting and selling their personal information;

• categories of third parties/with whom we have disclosed or shared their personal information;

• categories of personal information that we have disclosed or shared with a third party for a business purpose;

• categories of personal information collected; and

• categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.

Submitting Requests. Requests to exercise the right of deletion, right to a copy, and to know may be submitted by contacting us at We will respond to verifiable requests received from California consumers as required by law.

Right to Non-Discrimination and Incentives. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California residents related to their personal information.

Discrimination: Businesses may not discriminate against residents who exercise their rights under CCPA. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices or rates or impose penalties on residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents’ data.

Disclosure of Incentives: If businesses offer any financial incentives for the collection, sale or deletion of California residents’ personal information, residents have the right to be notified of any financial incentives offers and their material terms, the right not to be included in such offers without prior informed opt-in consent, and the right to be able to opt-out of such offers at any time. Businesses may not offer unjust, unreasonable, coercive, or usurious financial incentives.

California Privacy Rights under California’s Shine-the-Light Law

Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us certain personal information are entitled to request and obtain from us, free of charge, information about the personal information (if any) we have shared with third parties for their own direct marketing use. Such requests may be made once per calendar year for information about any relevant third party sharing in the prior calendar year. California residents who would like to make such a request may submit a request in writing to The request should attest to the fact that the requester is a California resident and provide a current California address.


Regarding how we process your information to be compliant with local legislation the following will apply in supplement to the Privacy Policy:

We generally collect personal information directly from you where this is reasonable and practical but may also acquire information from other trusted sources to update or supplement the personal information you provided or which we processed automatically.

• We may also use your personal information to tell you about the products and services Metta Play offers. From time to time, we may contact you by mail, telephone, email, or other electronic messaging services with information about products and services (including discounts and special offers). If you no longer wish to receive marketing or promotional information from us, you can always unsubscribe. There are certain messages relating to the goods and services we provide to you that cannot be unsubscribed from.

• Should we experience a data breach and your information be involved, we will contact you if there is a risk of serious harm to you and if we are legally obliged to do so. In some instances, we will also be legally obliged to contact (data protection) authorities when a breach of privacy information occurs.

• We will take such steps that are reasonable in the circumstances (if any) to destroy or de-identify personal information when it is no longer required.

Changes to this Privacy Policy

We may change this Privacy Policy to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will provide prior notice to users by email and post the information on our online channels if these changes are material and request your consent if legally required.

Third party vendor categories

Metta Play works with several trusted partners to secure that we provide you, our business partners, and our employees with the best experience possible. This means that we will at some exceptional times need to allow third parties to process personal data.

To give you an overview we have categorized the type of vendors we use and what we use them for on a category basis.

We process personal data with vendors in the following categories:

IT Service providers

We use a series of trusted partners worldwide to provide us with IT services and system administration services.

Global payment provider and processing partners

To secure a safe and efficient payment process both online, in our stores or through invoicing or money transfers.

Cloud storage partners

We store our and your data at secure data centers around the world.

Warehousing, packing, shipping, and delivery partners

Helping us get our products into the hands of our customers and business partners around the world.

Catalog printing and mailing and postal partners

Helping us make our catalogs, brochures and magazines come your way.

Marketing partners

To be able to provide targeted and personalized advertisements, promotions, and campaigns when you are interacting with our online channels.

Social Media Partners

To be present and allow you to interact with those social media platforms where you can find us.

Tax and customs authorities, regulators, and other authorities globally

Who require reporting of processing activities in certain circumstances.

Professional advisers

Including lawyers, bankers, auditors, and insurers globally, who provide consultancy, banking, legal, insurance and accounting services to Metta Play.