We at Smartico.ai, a product of GamifyTech LTD, (“Smartico.ai“, “us“, “we“, or “our“) recognize and respect the importance of maintaining the privacy of our Customers and their End Users. This Privacy Notice describes the types of information we collect from you when you visit our website (“Site“) and/or use our Services. This Privacy Notice also explains how we collect, process, transfer, store and disclose the information collected, as well as your ability to control certain uses of the collected information. If not otherwise defined herein, capitalized terms have the meaning given to them in the Terms of Service, available at https://smartico.ai/terms-of-service/ (“Terms“). “You” means any adult user of the Site or Services and/or an End User of our Customer(s).

Smartico.ai is the data controller in respect of certain of the processing activities outlined in this Privacy Notice. Our registered office is Business Park Sofia, Building 4, 1715, Sofia, Bulgaria and our registration number is 206764900. When we process information in the context of providing Services to our customers (“Customers“) including with regard to each Customer’s End Users, the applicable Customer serves as a controller with respect to such Customer’s End User Personal Data (as defined below). Our co-controllers are listed below.

Our Data Protection Officer (“DPO“) is Mr. Anton Antropov, contact details available at anton.a@smartico.ai.

“Personal Data” means any information that refers, is related to, or is associated with an identified or identifiable individual or as otherwise may be defined by applicable law.

Privacy Notice Key Points

The key points listed below are presented in further detail throughout this Privacy Notice. These key points do not substitute the full Privacy Notice.

• Personal Data We Collect. When you register as a Customer, we collect Personal Data provided by you, such as your name, email address, and phone number, the company you work for and your job title and payment details (which is provided to a third party payment processor and not saved by us). If you register through a third party log-in/ account registration service (such as Facebook or Google), we collect your basic profile information from such third-party log-in/account registration service. We also collect Personal Data when users visit the Site, or contact us with questions or complaints. When a user visits our Site, we automatically collect their operating system and other information about their use of the Site. Additionally, if you are an End User of one of our Customers, we will collect Personal Data at their direction.
• How We Use Your Personal Data. We use the information (including Personal Data) we collect and/or receive mainly to administer and provide the Site and/or Services, contact Customers with administrative information, contact Customers and visitors to the Site with marketing offers and improve the Site and Services.
• Basis for Processing Your Personal Data. If you are a Customer and/or End User, processing your Personal Data is necessary for the performance of the Terms and the provision of the Services to Customer. Processing Personal Data of Customers and visitors to the Site for the purposes of developing new and enhancing our products and Services, for the marketing of our products and services, for analytics and usage analysis, for fraud prevention and for security and for our recordkeeping, protection of our legal rights, and complying with our legal obligations – are all necessary for the purposes of legitimate interests that we pursue.
• Sharing the Personal Data We Collect. We share the Personal Data we collect with our service providers and subcontractors who assist us in the operation of the Site and process the information on our behalf and under our instructions. When we act as a processor on behalf of our Customers, we will share Personal Data of End Users with the applicable Customer. We share Personal Data with certain co-controllers, as listed below.
• International Transfer. We use service providers and/or subcontractors and/or cooperate with or have business partners and affiliates located in countries other than your own, and send them your Personal Data. We will ensure that we have agreements in place with such parties that ensure the same level of privacy and data protection as set forth in this Privacy Notice. You hereby consent to such international transfer.
• Security. We implement industry standard measures aimed at reducing the risks of damage and unauthorized access or use of Personal Data, but they do not provide absolute information security. Such measures include physical, electronic, and procedural safeguards (such as secure servers, firewalls, antivirus and SSL encryption).

• Your Rights. Subject to applicable law and additional rights as set forth below, you may have a right to access, update and/or delete your Personal Data and obtain a copy of the Personal Data we have collected about you. You can change your mind at any time about your election to receive marketing communications from us and/or having your Personal Data processed for direct marketing purposes. You also have the right to object at any time to processing your personal data for certain purposes, including marketing purposes.

• Data Retention. We retain information for as long as necessary for the purposes set forth in this Privacy Notice. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether those purposes can be achieved through other means, as well as applicable legal requirements. We retain Personal Data of End Users in accordance with the instructions of the applicable Customer.
• Use of Cookies, Fingerprint and Similar Technologies. We use cookies and similar technologies for analytical purposes and to help personalize your experience of users visiting our Site by providing you targeted content matching your interests, which we have identified based on your activity and browsing history on the Site. You can adjust your settings to determine which cookies you do or do not allow. Changing your settings and/or deleting existing cookies may affect the Services. We use fingerprint and other technologies as part of our Services, as such when visiting a Customer’s website, we may collect your Personal Data through fingerprint and other technologies. A Customer can opt-out of use of fingerprint (on behalf of its End User(s)).
• Children. We do not knowingly collect personally-identifiable information from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has enrolled without parental permission, please advise us immediately.
• Third-Party Applications and Services. All use of third-party applications or services is at your own risk and subject to such third party’s privacy policies.
• Communications. Subject to your consent and applicable law, we may send you e-mail or other messages about us or our Services. You can stop receiving future communications from us by following the UNSUBSCRIBE link located at the bottom of each communication, by emailing us at info@smartico.ai, or through your account settings.
• Changes to the Privacy Notice. We may change this Privacy Notice from time and shall notify you of such changes.
• Comments and Questions. If you have any comments or questions about this privacy notice, or if you wish to exercise your legal rights with respect to your Personal Data, please contact us at info@smartico.ai.

Personal Data We Collect

Visitors of the Site

‍We collect information from you when you choose to visit our Site. We also collect Personal Data when you request information from us, sign up for newsletters or our email lists, complete online forms, or contact us for any other reason. In addition, when you visit the Site, certain information may be automatically gathered about your computer or mobile device, such as operating system, device ID, and, subject to your consent as may be required under applicable law, (geo) location, as well as your browsing history and any information regarding your viewing and browsing history on the Site.

Customers

‍In order to use our Services as a Customer, you will be required to register and provide us with certain Personal Data, such as your name, email address, and phone number, the company you work for and your job title, and payment details. It is clarified that payment details are provided to third party payment processors and are not stored and/or processed by Smartico.ai. If you use the Services by logging in through a third-party login service (such as Facebook or Google), we may also receive Personal Data about you as provided by such third-party login service. Please check such third-party’s policies in order to understand what information we receive.

It is your voluntary decision whether to provide us with any such Personal Data, but if you refuse to provide such information we may not be able to register you to the Site and/or provide you with the Services.

End Users‍

If you are an End User of our Customer(s), we will collect Personal Data as they direct. For more information about any such collection, please refer to the Privacy Notice of the applicable Customer.

At the Customer’s direction we may collect your interests, age, browser type, device ID, gender, geo-location, household income, language, network speed, operating system, weather, whether you are a new or returning visitor, social networks, URL from which you are referred, weighted-funnel targeting, whether you have an adblocker, pages viewed per session, average session duration and frequency, schedule, converted/non-converted user, any targeting by competitors. We collect this information through fingerprint technology that checks whether you are connected to social media and websites you may have visited. We do not, however, access information stored in cookies. We assign a unique identifier to information collected from individual devices, as collected through our proprietary technology.

A Customer may also instruct us to connect the information we collect with other Personal Information it may have about you and/or with additional Personal Data collected by us about you, at Customer’s direction.

How We Use Your Personal Data

General‍

We and any of our trusted third-party subcontractors and service providers use the Personal Data we collect from and about you for any of the following purposes: (1) to provide the Site and/or Services; (2) to respond to your inquiries or requests, contact and communicate with you; (3) to develop new products or services and conduct analyses to improve our current content, products, and Services; (4) to provide you with customized content, targeted offers, and advertising on the Site, on other third-party sites or apps you may visit, or via e-mail, based upon your history and usage of the Services and the content on our Site; (5) if you are a Customer, to contact you with informational newsletters and promotional materials relating to our Site and Services; (6) to review the usage and operations of our Site and Services; (7) to use your data in an aggregated, non-specific format for analytical purposes (as detailed below); (8) to prevent fraud, protect the security of our Site and Services, and address any problems with the Site and/or Services; (9) to provide customer support; and (10) to satisfy our legitimate interests, while at all times ensuring that your rights and freedoms are not affected.

Statistical Information

By analyzing all information we receive, including all information concerning visitors to the Site, we may compile statistical information across a variety of platforms and users (“Statistical Information”). Statistical Information helps understand trends and customer needs so that new products and services can be considered and so that existing products and services can be tailored to customer desires. Statistical Information is anonymous and aggregated and we will not link Statistical Information to any Personal Data. We may share such Statistical Information with our partners, without restriction, on commercial terms that we can determine in our sole discretion.

Analytics

We and/or our service providers or subcontractors, use analytics tools (“Tools”), including “Google Analytics” to collect information about the use of the Site. Such Tools collect information such as how often users visit the Site, what pages they visit when they do so, and what other sites and mobile applications they used prior to visiting the Site. We use the information we get from the Tools to improve our Site. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use located at http://www.google.com/analytics/terms/us.html and the Google Privacy Policy located at http://www.google.com/policies/privacy/.

Legal Uses

We may use your Personal Data as required or permitted by any applicable law.

Basis for Processing Your Personal Data

Processing your Personal Data is necessary for the performance of the Terms and the provision of the Services to our Customers, including responding to inquiries or requests, contacting and communicating with you and providing customer support. When you make a purchase, use our Services or engage in any other transaction with us, we may also process your Personal Data to perform that contract.

Processing for the purposes of developing new and enhancing our products and Services, for analytics and usage analysis, for the marketing of our products and services, for fraud prevention and security and for our recordkeeping and protection of our legal rights – are all necessary for the purposes of legitimate interests that we pursue. In conducting such processing activities, we balance these legitimate interests against the rights and interests of our users. If you would like more information regarding how we make such determinations, please contact us through the contact information specified below.

Please note that we may process your Personal Data for more than one legal basis depending on the specific purpose for which we are using your Personal Data. Please contact us if you would like details about the specific legal grounds on which we are relying to process your Personal Data.

Sharing the Personal Data We Collect

We share your information, including Personal Data, as follows:

Customers

When we act as a processor on behalf of our Customers, we will share Personal Data of End Users with the applicable Customer.

Business Partners, Service Providers, Affiliates, and Subcontractors

We disclose information, including Personal Data we collect from and/or about you, to our trusted service providers, business partners, affiliates, subcontractors, who use such information to: (1) help us provide you with the Site and/or Services; (2) aid in their understanding of how users are using our Site and/or Services; (3) provide to you customized content, targeted offers, and advertising on the Site, on other third-party sites or apps you may visit, or via e-mail, based upon your history and usage of the Services and the content on our Site.

Such service providers, business partners, affiliates, and subcontractors include:

• AWS (Servers), located in the Europe.
• Google Analytics (Analytics), located in the USA.
• Google DoubleClick (Advertising), located in the USA.

Data Controllers

When you use the Site and/or Services, we also disclose your Personal Data to additional third parties, which act as co-controllers with respect to the collection of your Personal Data. The details and contact information of such controllers are as set forth below:

• Paypal Pte. Ltd. – contact information is 5 Temasek Blvd, #09-01, Suntec Tower Five, Singapore 038985.
• Facebook, Inc. – contact information is Facebook, Inc. ATTN: Privacy Operations, 1601 Willow Road, Menlo Park, CA 94025, USA

Business Transfers

We may transfer our databases containing your Personal Data if we sell our business or part of it, including in cases of liquidation. Information about our users, including Personal Data, may be disclosed as part of, or during negotiations of, any merger, sale of company assets or acquisition and shall continue being subject to the provisions of this Privacy Notice.

Law Enforcement Related Disclosure

We will fully cooperate with any law enforcement authorities or court order requesting or directing us to disclose the identity, behavior or (digital) content and information of or related to an individual, including in the event of any user suspected to have engaged in illegal or infringing behavior. We may also share your Personal Data with third parties: (i) if we believe in good faith that disclosure is appropriate to protect our rights, property or safety (including the enforcement of the Terms and this Privacy Notice); (ii) to protect the rights, property or safety of third parties; (iii) when required by law, regulation subpoena, court order or other law enforcement related issues; or (iv) as is necessary to comply with any legal and/or regulatory obligation. You can request such Personal Data as specified herein by emailing us at info@Smartico.ai

Other Uses or Transfer of Your Information

We allow you to use our Site and Services in connection with third-party services, sites, and/or mobile applications. If you use our Site and/or Services with or through such third-parties, we may receive information (including Personal Data) about you from those third parties. Please note that when you use third-parties outside of our Site and/or Services, their own terms and privacy policies will govern your use of those services.

International Transfer

We use subcontractors and service providers and have business partners and affiliates who are located in countries other than your own, as set forth above and send them information we receive (including Personal Data). We conduct such international transfers for the purposes set forth above. We will ensure that these third parties will be subject to written agreements ensuring the same level of privacy and data protection as set forth in this Privacy Notice, including appropriate remedies in the event of the violation of your data protection rights in such third country.

Whenever we transfer your Personal Data to third parties based outside of the European Economic Area (EEA), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.

• Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in the EEA.
• Where we use providers based in the US, we may transfer data to them if they have been certified by the EU-US Privacy Shield which requires them to provide similar protection to Personal Data shared between the Europe and the US or any other arrangement which has been approved by the European Commission.

Please contact us through the contact information listed below if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.

You hereby consent to such international transfer described above.

Security

We make efforts to follow generally accepted industry standards to protect the Personal Data submitted to and collected by us, both during transmission and once we receive it, including by implementing the below:

Safeguards – The physical, electronic, and procedural safeguard we employ to protect your data include secure servers, firewalls, antivirus and TSL encryption of data.

Access Control – We dedicate efforts for a proper management of system entries and limit access only to authorized personnel on a need to know basis of least privilege rules, review permissions quarterly, and revoke access immediately after employee termination.

Internal Policies – We maintain and regularly review and update our privacy related and information security policies.

Personnel – We require new employees to sign non-disclosure agreements according to applicable law and industry customary practice.

Encryption – We encrypt the data in transit using secure TSL protocols.

Database Backup – Our databases are backed up on a periodic basis for certain data and which are verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity and are tested regularly to ensure availability, and are accessed only by authorized personnel.

However, no method of transmission over the Internet, or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Your Rights – How to Access and Limit Our Use of Certain Information

If you are a Customer or visitor to the Site, you have certain rights in relation to the Personal Data that we or our co-controllers hold about you, as detailed below. If you are an End User of one of our Customers, you have certain rights relating to the Personal Data held by applicable Customer (serving as a controller) or held by us on such Customer’s behalf. For any requests by End Users to exercise such rights with respect to information held by the applicable Customer or by us on its behalf, please contact the applicable Customer directly. For any requests to exercise such rights with respect to information held by our co-controllers, please contact the applicable co-controller directly. If you wish for us to notify all co-controllers, please specify that when you contact us in order to exercise any of your rights. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information and/or comply with any of your requests, as detailed below:

• Right of Access and Data Portability. You have a right to know what Personal Data we collect about you and, in some cases, to have the information communicated to you. Subject to the limitations in applicable law, you may be entitled to obtain from us a copy of the Personal Data you provided to us (excluding information that we obtained from other sources) in a structured, commonly-used, and machine-readable format, and you may have the right to (request that we) transmit such Personal Data to another party. If you wish to exercise this right please contact us letting us know what information in particular you would like to receive and/or transmit. Subject to applicable law, we may charge you with a fee. Please note that we may not be able to provide you with all the information you request, for instance, if the information includes Personal Data about another person. Where we are not able to provide you with information that you have asked for, we will endeavor to explain to you why. We will try to respond to any request for a right of access as soon as possible.
• Right to Correct Personal Data. Subject to the limitations in applicable law, you may request that we update, correct or delete inaccurate or outdated Personal Data and/or that we suspend the use of Personal Data, the accuracy of which you may contest, while we verify the status of that Personal Data. We will correct your Personal Data within a reasonable time from the receipt of your written request thereof.
• Deletion of Personal Data (“Right to Be Forgotten”). In certain circumstances you have a right to have Personal Data that we hold about you deleted. Should you wish to have any Personal Data about you deleted, please contact us, using the contact information specified in this Privacy Notice. Subject to applicable law, we will delete Personal Data provided to us by a user within a reasonable time from the receipt of a written (including via email) request by such user to delete such collected Personal Data. We cannot restore information once it has been deleted. Please note that to ensure that we do not collect any further Personal Data, you should terminate your account with us and clear our cookies from any device on which you have visited our Site. We may retain certain Personal Data (including following your request to delete) for audit and record-keeping purposes, as well as other purposes, all as permissible and/or required under applicable law. We may also retain your information in an anonymized form.
• Right to Restrict Processing: You may request at any time that we limit the processing of your Personal Data if you believe that either: (i) the Personal Data is inaccurate and wish us to limit processing until we verify its accuracy; (ii) the processing is unlawful, but you do not wish us to erase the Personal Data; (iii) we no longer need the Personal Data for the purposes for which it was collected, but you still need it for the establishment, exercise, or defense of a legal claim; (iv) you have exercised your Right to Object (below) and we are in the process of verifying our legitimate grounds for processing. We may continue to use your Personal Data after a restriction request either: (a) with your consent; (b) for the establishment, exercise or defense of legal claims; or (iii) to protect the rights of another natural or legal person.
• Direct Marketing Opt Out. You can change your mind at any time about your election to receive marketing communications from us and/or having your Personal Data processed for direct marketing purposes. If you do, please notify us by contacting us as detailed in this Privacy Notice. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt out is effective.
• Right to Object. Subject to applicable law, you may have the right to object to processing of your Personal Data including for the purpose of direct marketing.
• Withdrawal of Consent. You may withdraw your consent in connection with any processing of your Personal Data based on a previously granted consent.
• Supervisory Authority. If you are a European Citizen, you may have the right to submit a complaint to the relevant supervisory data protection authority.

Data Retention

Subject to applicable law, we retain information as necessary for the purposes set forth above. We may delete information from our systems, without notice to you, once we deem it is no longer necessary for the purposes set forth in this Privacy Notice. We may also retain your information in an anonymized form. In addition, retention by any of our processors may vary, in accordance with the processor’s retention policy.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether those purposes can be achieved through other means, as well as applicable legal requirements.

Please contact us through the contact information listed below if you would like details regarding the retention periods for different types of your Personal Data.

Cookies, Fingerprints and Similar Technologies

Fingerprinting on Behalf of Customers

When we collect Personal Data from our Customers’ End Users, we use fingerprint technology to do so. Fingerprint technology allows us to identify certain characteristics about user’s behavior and preferences online. We use this technology at our Customers’ request and direction and based upon the End User’s consent as obtained by the relevant Customer, if and as applicable in accordance with applicable law. If an End User would like to opt-out of the use of fingerprints, he or she can do so by sending email to optout@smartico.ai

Visitors to Smartico.ai Site

When you visit the Site, we use cookies and similar technologies to help personalize your experience and to personalize the ads we serve you. Third parties through which we provide the Site and/or our business partners may be placing and reading cookies on your browsers, or using web beacons to collect information in the course of advertising being served on different websites. When visiting this Site, you shall be asked to accept the terms of this Privacy Notice, including the use of and placement of cookies and other similar technologies on your device as specified herein.

What are Cookies?

A cookie is a small piece of text that is sent to a user’s browser or device. The browser provides this piece of text to the device of the originating user when this visitor returns.

• A “session cookie” is temporary and will remain on your device until you leave the Site.
• A “persistent” cookie may be used to help save your settings and customizations across visits. It will remain on your device for much longer or until you delete it.
• First-party cookies are placed by us, while third-party cookies may be placed by a third party. We use both first- and third-party cookies.
• Information may also be collected through web beacons, which are small graphic images (“pixel tags”), which usually work together with cookies in order to identify users and user behavior. These may be shared with third parties.

We may use the terms “cookies” to refer to all technologies that we may use to store data in your browser or device or that collect information or help us identify you in the manner described above.

How We Use Cookies

We use cookies and similar technologies for a number of reasons, for example, in order to (i) help personalize your experience by helping save your settings and customizations across visits and provide you with targeted content matching your interests, which we have identified based on your activity and viewing history on our Site.

The specific names and types of the cookies, web beacons, and other similar technologies we use may change from time to time. However, the cookies we use generally fall into one of the following categories:

• Necessary – How we use these cookie: These cookies are necessary in order to allow the Site to work correctly. They enable you to access the Site, move around, and access different services, features, and tools. Examples include remembering previous actions (e.g. entered text) when navigating back to a page in the same session. These cookies cannot be disabled.

• Functionality – How we use these cookie: These cookies remember your settings and preferences and the choices you make (such as language or regional preferences) in order to help us personalize your experience and offer you enhanced functionality and content.

• Security – How we use these cookie: These cookies can help us identify and prevent security risks. They may be used to store your session information to prevent others from changing your password without your login information.

• Performance – How we use these cookie: These cookies can help us collect information to help us understand how you use our Site, such as whether you have viewed messages or specific pages and how long you spent on each page. This helps us improve the performance of our Site.

• Analytics – How we use these cookie: These cookies collect information regarding your activity on our Site to help us learn more about which features are popular with our users and how our Site can be improved.

• Advertising – How we use these cookie: These cookies are placed in order to deliver content, including ads relevant and meaningful to you and your interests. They may also be used to deliver targeted advertising or to limit the number of times you see an advertisement. This can help us track how efficient advertising campaigns are for our own Services. Such cookies may track your browsing habits and activity when visiting our Site and third-party sites on which advertisements are delivered.

How to Adjust Your Preferences

Most Web browsers are initially configured to accept cookies, but you can change this setting so your browser either refuses all cookies or informs you when a cookie is being sent. In addition, you are free to delete any existing cookies at any time. Please note that some features of the Services may function improperly when cookies are disabled or removed.

By changing your device settings, you can prevent your device’s ad identifier being used for interest-based advertising, or you can reset your device’s ad identifier. Typically, you can find the ad identifier settings under “privacy” or “ads” in your device’s settings, although settings may vary from device to device.

Adjusting your preferences as described in this section herein does not mean you will no longer receive advertisements, it only means the advertisement you do see will be less relevant to your interests.

Third Party Cookies and/or Similar Technologies

Google Analytics, Google DoubleClick, Facebook, Inc.

Third-Party Applications and Services

All use of third-party applications or services is at your own risk and subject to such third party’s privacy policies.

Communications

Subject to your consent and applicable law, we may send you e-mail or other messages and/or a newsletter about us or our Services. You will be given the opportunity to unsubscribe from commercial messages and stop receiving future communication from us by following the UNSUBSCRIBE link in any such email or message, by emailing us at info@smartico.ai, as well as through your account settings. Please note that we reserve the right to send you service-related communications, including service announcements and administrative messages relating to your account, without offering you the opportunity to opt out of receiving them. Should you not wish to receive such communications you may cancel your account.

Children

We do not knowingly collect personally-identifiable information from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has enrolled without parental permission, please advise us immediately.

Changes to the Privacy Notice

When visiting this Site, you shall be asked to accept the terms of this Privacy Notice. If you do not agree with the terms hereof, please do not use the Site. We may update this Privacy Notice from time to time – in which case, we shall notify you of such changes. We will post the updated Privacy Notice on this page. Please come back to this page every now and then to make sure you are familiar with the latest version. Any new Privacy Notice will be effective from the date it is accepted by you.

Comments and Questions

If you have any comments or questions about this privacy notice, or if you wish for us to amend or delete your Personal Data, or exercise any other of your legal rights, please contact us at info@smartico.ai

Last updated: May 2022