The introduction.

This Privacy Policy (hereinafter the “Policy”) governs what data about you we collect, how we use your data and what rights you have in connections with your data, submitted by you when you use smmly.space (hereinafter the “Website”).

When you browse the Website, you hereby agree to this Policy and Terms and Conditions of the Website. Please, read this Policy fully before using the Website and submitting your personal data to Us.

This Policy includes the following:

• What data concerning you (hereinafter “personal data” or “data”) are collected when you use the Website;
• For what purposes and under what legal grounds these data are collected;
• With what recipients these data will be shared;
• How long these data will be stored;
• What rights you have within the terms of processing of your data.

This Policy may be changed, amended, or corrected for a number of reasons: including changes in applicable legislation, changes in our business, and for any other reason when we deem that these changes are necessary. If you are a registered user, we will let you know by sending an e-mail notification to the e-mail address used for registration on the Website. If you do not have an account on the Website and/or we do not possess your e-mail address in order to communicate you about the revised version of this Policy, it is your responsibility to revise this Policy whenever you access the Website. Your continued use of the Website shall be considered as your consent to the revised Policy.

What data concerning you we collect.

Automatically collected data. When you use the Website, the following data are collected from you by automated means.

By Google Services. When you use the Website, the following data are collected from you by Google Services:

a) The data collected by Google Analytics:

• The total time you spend on the Website;
• The time you spend on each page and in what order those pages were visited;
• What internal links were clicked (based on the URL of the next pageview);
• Your IP address and user agent string;
• Initial page inspection that analytics.js performs when creating a new tracker object is used to determine your geographic location, what browser and operating system are being used, your device`s screen size, whether flash or java is installed, and the referring site.

The information collected by Google Analytics is generated to Google`s server in the USA and stored there. Google Analytics Opt-out Browser Add-on provides visitors and users with the ability to prevent their data from being collected and used by Google Analytics. To install Google Analytics Opt-out Browser Add-on follow this link: https://tools.google.com/dlpage/gaoptout?hl=en.

b) The data collected by Google reCAPTHCA. In case of Google reCAPTCHA, Google collects the data about your input in order to distinguish whether an input is made by a human or by a robot or with the use of any other form of automated means.

c) The data collected by Google Tag Manager. Google Tag Manager is a tool made by Google that allows us to integrate and manage tags (snippets of code) into the Website. Google Tag Manager collects the following data:

• Aggregated data about tag firing.

If you want to find out more about how Google processes your data, please, follow Google`s Privacy Policy https://policies.google.com/privacy. 2. By Cloudflare. We use the Services provided by Cloudflare. These Services collect the following data:

• Your IP address;
• System configuration information;
• Other information about traffic to and from the Website.

If you want to find out more about how Cloudflare processes your data, please, follow Cloudflare`s Privacy Policy https://www.cloudflare.com/privacypolicy/.

The data you voluntarily provide us

When you use the Website and our Services, you may voluntarily provide us with the data concerning you:

А. Contact data. When you contact us via the interface of the Website or via available contact details, you hereby provide us with the following data:

• Your name;
• Your e-mail address;
• Your phone number;
• The subject of your message;
• Your message which may also include your personal data.

We may also collect the data on whether have you consented to receive our Newsletter about new products and services of the Company, and about the Company itself.

B. Account data. When you create and use an account on the Website, you hereby provide us with the following data:

• Your name;
• Your username;
• Your e-mail address;
• Your password (in hashed form);
• Personal data you submit in your account.

C. Payment data. When you make payments for the services of the Website, we process the data about your payments. This information includes, but not limited to:

• Information about the payer;
• Information about the payment instrument used by the payer;
• The information about transactions for the services of the Company (including all the data necessary to identify the transactions).

The purposes and legal grounds for the collection of your personal data

A. To administer the Website and our facilities. We use automatically collected data for the following purposes:

• To administer the Website;
• To protect the Website from DDoS attacks and other cyberattacks;
• To protect the Website from any illegal, unlawful activity, fraud, and abuse;
• To diagnose any problems with the Website and the Server which makes the Website available;
• To provide you with the Website tailored for your device, language, and opted preferences;
• To load balance to the Server which makes the Website available.

B. To conduct research and analysis. We use your contact data, automatically collected data, and account data for the following purposes:

• To conduct research and analysis on how the Website is used by its users and visitors, and, having known this information, to develop and enhance the Website;
• To conduct so-called “A/B tests” (to find out more A/B tests please follow https://en.wikipedia.org/wiki/A/B_testing);
• To test new features on the Website.

C. To create an account on the Website and provide you with the Companys Services. We use your account data in order to create your account on the Website and provide you with the Companys Services. Additionally, we use your payment data in order to ascertain that you have paid for the Company`s Services.

D. To process your payments. We use your payment data in order to process your payments.

E. To contact you. We use your contact data in order to contact you when the situation may require.

F. To comply with applicable legislation. We may use your data in order to comply with the legal obligations to which the Company is subject.

G. To establish, exercise and defence of legal claims. We can use the data concerning you we possess for the purposes of the establishment, exercise and defence of legal claims. The establishment, exercise and defence of legal claims are the legitimate interests of the Company.

Processing of children`s data

The Website is not intended for individuals under the age of 18 and we do not knowingly process the data of individuals under the age of 14. If you are a parent or a legal guardian and found that your child had used our Website, please contact us via any available communication channel and the Company will apply appropriate measures.

Retention period of your data

A. For automatically collected data: for a period of twenty-six (26) month starting from the date of your last visit to the Website.

B. For contact data (if you have not entered in any form of business relationships with us): as long as required by a particular purpose of the communication.

C. If you have used our Services: your data will be stored within a period 6 (six) years starting from the date of your last visit to the Website or starting from the date you closed your account on the Website (limitation period for legal claims).

Recipients of your data

1. Our employees, affiliates, contractors, and sub-contractors. The Website and facilities of the Company are maintained and operated by a large staff. Thus, your data may be disclosed to this category of recipients. All these transfers are secured by proper contractual arrangements which oblige these recipients to process your data in strict compliance with this Policy and within the terms of confidentiality and professional secrecy regime.
2. Hosting provider that owns the server which makes the Website available. The Website and Company`s facilities are placed on the server which is operated by the third party. From this follows, that your data will be shared to this hosting provider in encrypted form: which means that only authorized employees of the Company will have an access to your data; because only they possess decryption keys.
3. Public authorities of our jurisdiction. In case of the legal obligation to disclose your data to the public authorities of our jurisdiction (the term “public authorities” may include, without limitation, court, police, financial investigation unit), the Company will perform this disclosure.
4. Payment services providers, financial institutions, banks. When making payments for our Servies, your transaction will be processed by third party payment services provider, bank, or financial institution. Thus, your data will be shared with them.
5. Google and Cloudflare. As mentioned above, the Company uses the services, provided Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA and Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA.

Transfer of the data by Google LLC. and Cloudflare, Inc. to the U.S. under the EU – U.S. Privacy Shield Framework

Google LLC. and Cloudflare, Inc. are certified under EU-U.S. Privacy Shield Framework. The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. For more information on the Privacy Shields, please visit the U.S. Department of Commerce’s Privacy Shield website at: https://www.privacyshield.gov/welcome.

Your rights under this Policy

As the data subject, you have several rights which you can implement by contacting us via email [email protected].

These rights are:

The right to withdraw consent. If you previously consented (under Article 6(1)(a) of the GDPR) to processing of your data, you have the right to withdraw this consent at any time. It means that we will stop processing of the personal data, for processing of which the consent was required, starting from the date of the withdrawal. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

The right of access. You have the right to obtain from us confirmation as to whether or not the data concerning you are being processed, and, if we indeed process your personal data, to receive a copy of the personal data undergoing processing.

The right to rectification. You have the right to obtain from us the rectification of inaccurate personal data concerning you.

The right to erasure (or the right “to be forgotten”). You have the right to obtain from us the erasure (removal) of your personal data. Upon your request, your personal data shall be removed. This right shall be applied if:

• your personal data are no longer needed for the purposes for which these data were collected;
• you have withdrawn your consent (if you have provided this consent) and there are no other legal bases for further processing;
• we do not need to keep your personal data for the purposes of compliance with the applicable legislation;
• the data were processed unlawfully;
• there are no any restrictions of this right by the applicable legislation;
• in other cases when the erasure (removal) is required or permitted by the applicable law.

The right to object to processing. You have the right to object, on grounds relating to your particular situation, to processing of your personal data. Additionally, you have the right to object to the processing of your personal data for direct marketing purposes (if applicable). The right to restriction of the processing. You have the right to obtain from us restriction of processing, in case if one of the following applies:

• you contested to the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
• processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
• you have objected to processing on the basis of your right to object pending to verification whether your legitimate grounds override those of the Company.

The right to data portability. You have the right to receive from us the data, which were collected from you, in a structured, machine-readable format and have the right to transmit those data to another controller (in a plain language, to another company). Nevertheless, this rule applies only to processing, which:

• Was carried out by automated means;
• Is based on Articles 6(1)(a) and 9(2)(a) of the GDPR (consent) or is based on Article 6(1)(b) of the GDPR- processing which was carried out under the contract between you and us.

Please note, that these rights are applicable with some restrictions:

• If we are not sure about the identity of the requestor, we shall verify the identity of a user/visitor who requests for the implementation of any of the rights before the implementation of this right.
• We may restrict the rights, specified above, or deny in implementation of any of the rights if this restriction or denial is grounded on the legislation to which the Company is subject. In this case we will specify you the reason for the denial in the reply to your request.

The right to lodge a complaint with the supervisory authority. You can always contact us for any issue with regard to the processing of your data, including complaints. Nevertheless, if you suppose that your rights under applicable data protection legislation have been violated, you can lodge a complaint either:

• With the Commissioner for Personal Data Protection of the Republic of Cyprus (jurisdiction of our incorporation). The Website of the Commissioner http://www.dataprotection.gov.cy/; or
• With the data protection authority of the country of your habitual residence. You can find the list of all EU Data Protection Authorities on the Website of the European Data Protection Board https://edpb.europa.eu/about-edpb/board/members_en.

Third-party links.

This Website may contain the links to the Websites which are owned and operated by third parties. For example, when you make payment for the services of the Website: in this case, you will be redirected to the payment provider operated by third party. These Websites are outside our control and we bear no liability for the result of your visit to these Websites. We recommend you to visit “Privacy Policy” or “Data Policy” or another privacy document on any of these third-parties` services before submitting any information to the latter.