Privacy Policy
1. Processor Details
Lakpa SLU (hereinafter “the Company” or “we” or “us”) is the responsible party for the processing of personal data collected through your use of our websites smeshwallet.com, smhwallet.com, smesher.xyz as per the applicable data protection laws. This Privacy Policy (this “Policy”) describes how and why we collect, store, use, and manage the information, and data, including personal data, that you provide or we collect when you visit our websites https://smeshwallet.com/, https://smhwallet.com/, and https://smesher.xyz/ (“Site”). It also tells you how you can access and update personal information and/or data and make certain choices about how personal information and/or data that you provide to Us is used.
We have our registered domicile in Andorra. For any queries regarding your personal data, please contact us by email at support@smeshwallet.com.
2. How we process your personal data
Legal Basis for Processing under GDPR
We only process your personal data if this is necessary to provide a functional website or to provide you with our contents and services. The processing of personal data only takes place based on the appropriate legal basis and as permitted by law.
Insofar as we are required to obtain the consent of the data subject for the processing of personal data, we will obtain your prior consent and Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of the corresponding data.
If the processing of personal data required for the performance of a contract to which you are a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual services or measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 para 1lit. d GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDRP serves as the legal basis.
Legal basis:
- Fulfilling contractual obligations;
- Legal obligations;
- Your consent (where required);
- Our legitimate interests:
- improving and developing new products and services;
- being more efficient;
- preventing fraud;
- retaining your history and use details of the products you have previously purchased to make suggestions to you for other products which We believe you will also be interested in.
Duration of Processing
We only store your personal data for as long as necessary to serve the purpose of the processing and we delete personal data or block access to it as soon as such purpose ceases to apply.
Furthermore, personal data may be stored if this has been provided for by the applicable law (for example for book keeping or mandatory archiving purposes). The data will also be blocked or deleted if a storage period prescribed by the applicable law expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
3. Website Access and Logfiles
Automated Data Processing
Every time you visit our website, our system automatically collects data and information about the computer system you used to access our website.
The following data is collected:
- Browser information (type and version);
- Operating system;
- Your internet service provider;
- Your IP address;
- Date and time of access;
- Websites from which your system reaches our website;
- Websites accessed by the user’s system via our website.
The data is also stored in the log files of our system. This data is not stored together with your other personal data.
For data processing subject to GDPR, the legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
Cookies, tracking and technologies relating to the use of our website
We use cookies on our site. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Information is stored in the cookie that results in each case in connection with the specifically used terminal device. However, this does not mean that we immediately become aware of your identity. The use of cookies primarily serves the purpose of making your use of our websites more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website.
In addition, we also use temporary cookies that are stored on your end device for a specified period of time to optimize user-friendliness. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.
Furthermore, we use cookies to statistically record the use of our website and to evaluate it for you for optimising our websites. These cookies enable us to automatically recognize when you return to our site that you have already been with us. These cookies are automatically deleted after a defined period of time.
Within the scope of the GDPR, the data processed by cookies for the aforementioned purposes is justified in order to protect our legitimate interests and those of third parties pursuant to Art. 6 para. 1 sentence 1 letter f GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies can lead to the fact that you cannot use all functions of our website.
Purpose of Processing
The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For data processing subject to GDPR, these purposes are our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
Duration of Processing
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, deletion occurs after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or anonymized.
No Objection
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on your part.
International Transfer
We operate internationally, this means that personal data that we collect will be processed by Us in states where data protection and privacy regulations will not offer the same level of protection as in other parts of the world, such as the European Union.
When we transfer your Information to our entities outside the European Economic Area (EEA), we make use of standard contractual clauses which have been approved by the European Commission. We also use these clauses when we transfer your personal data to third parties outside the EEA.You may obtain a copy of the documents we use to protect your personal data when it is transferred outside the EEA by contacting us via email at support@smeshwallet.com.
4. Your Rights
You have the following rights under the applicable data protection laws:
Right of Information
You can request us to confirm whether personal data concerning you is being processed by us If such processing has taken place, you can request the following information from us:
- The purposes for which the personal data is processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
- the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
- the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- any available information on the origin of the data if the personal data are not collected from the data subject;
- if the processing is subject to GDPR, the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in connection with the transmission.
Right to Rectification
You have a right of rectification and/or completion if the personal data processed concerning you are incorrect or incomplete. We shall make the correction without delay.
Right of Restriction
Under the following conditions, you may request that the processing of your personal data be restricted:
You have a right of rectification and/or completion if the personal data processed concerning you are incorrect or incomplete. We shall make the correction without delay.
- if you dispute the accuracy of the personal data concerning you for a period that enables us to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- we no longer need the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims; or
- if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed
- apart from being stored
- with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest.
Right to Deletion
a) Obligation to Delete Personal Data
You may request us to delete the personal data relating to you without delay and we are obliged to delete this data without delay if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
- You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
- The personal data concerning you have been processed unlawfully.
- The deletion of personal data relating to you is necessary to fulfil a legal obligation to which we are subject.
- The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
If we have made your personal data public and are obliged to delete it pursuant to Art. 17 para. 1 GDPR, we shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
b) Exceptions
The right to deletion does not exist insofar as the processing is necessary
- to exercise freedom of expression and information;
- for the performance of a legal obligation required for processing under the applicable law or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right mentioned under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
- to assert, exercise or defend legal claims.
Right to Notification
If you have exercised your right to have us correct, delete or limit the processing, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
Data Portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by us, provided that
- processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
- processing is carried out by means of automated methods. In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from us to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
Right to Objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6 para 1 lit. e or f GDPR; this also applies to profiling based on these provisions. In such case we shall no longer process the personal data concerning you, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Right to Withdraw Consent
You have the right to revoke your declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
Right of Appeal to Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, if you believe that the processing of personal data concerning you is contrary to the applicable law.
5. How To Contact Us
As a non-EEA resident controller we have appointed a local representative in the EEA. Our local EEA representative can be contacted by email at support@smeshwallet.com.
If you have any questions about this Privacy Policy you can contact us at support@smeshwallet.com.
Privacy Notice for California Residents
Effective date: 23 June 2022.
This Privacy Notice for California Residents (this “Privacy Notice”) supplements the information contained in Lakpa SLU (“Company”, “us” or “our”, or “we”) Privacy Policy (“Site Privacy Policy”) and applies solely to all visitors, Users and others who reside in the State of California (“consumers”, “you” or “your”). We adopt this Privacy Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Privacy Notice. All capitalized terms not herein defined will have the meaning set forth in Company’s Privacy Policy. In case on any inconsistencies with Company’s Privacy Policy, this Privacy Notice shall prevail.
1. Information We Collect
1.1. We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”).
1.2. In particular, we have collected the following categories of personal information from our consumers within the last 24 months:
A. Identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code §1798.80(e)).
C. Commercial information.
D. Internet or other similar network activity.
1.3. Personal information does not include:
(i) Publicly available information from government records;
(ii) De-identified or aggregated consumer information;
(iii) Information excluded from the CCPA’s scope, like:
i. health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
ii. personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
1.4. We obtain the categories of personal information listed above from the following categories of sources:
(i) Directly from our consumers or their agents. For example, from information consumers provide to Us related to the Services for which they engage Us.
(ii) Directly from you when you provide it to Us. For example, if you share your name and contact information to ask a question about Our website or app.
(iii) Indirectly from you. For example, from observing your actions on Our websites and in Our apps.
(iv) From third parties, for example, Our service providers.
2. Use of personal information
2.1. We may use or disclose the personal information we collect for one or more of the following purposes:
(i) To fulfill or meet the reason for which you provided the information. For example, if you share your name and contact information to ask a question about Our website, app or product we will use that personal information to respond to your inquiry.
(ii) To provide, support, personalize and develop our websites, apps and products.
(iii) To process your requests and respond to your inquiries, including to investigate and address your concerns and monitor and improve Our responses.
(iv) To notify you about changes to Our websites, apps or any products or services we offer or provide through Our websites and apps.
(v) To notify you about changes to our policies and/or terms of use.
(vi) To maintain a record of Our dealings with you.
(vii) To understand and analyze the usage trends and preferences of Our Users, to improve Our websites, apps and other products and to develop new features, and functionality.
(viii) To contact you for administrative and information purposes - this may include providing customer service or sending communications, including changes to our terms of use.
(ix) To engage features of third party social networks.
(x) For testing, research, analysis and product development.
(xi) To help maintain the safety, security, and integrity of Our websites and apps, and our databases, other technology assets and business.
(xii) To diagnose or fix technological problems in relation to Our websites, apps and products.
(xiii) To carry out Our obligations and enforce Our rights arising from any contracts entered into between you and Us.
(xiv) To respond to law enforcement requests and as required by applicable law, court order or governmental regulations.
(xv) To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Us is among the assets transferred.
(xvi) As described to you when collecting your personal information or as otherwise set forth in the CCPA.
3. Sharing Personal Information
3.1. We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
3.2. We disclose your personal information for a business purpose to the following categories of third parties:
(i) Service providers.
(ii) Third parties to whom you or your agents authorize Us to disclose your personal information in connection with products or services We provide to you.
(iii) Law enforcement bodies and courts.
3.3. We share your personal information for the following general purposes:
(i) Service Providers: We may disclose personal information to third-party service providers that assist us with our operations. For example, analytics, log management, payment processing and data storage and processing services.
(ii) Protecting our Rights: We may disclose personal information to third parties if We believe that doing so is legally required or is in Our interest to protect Our property or other legal rights (including, but not limited to, enforcement of Our agreements), or the rights or property of others.
(iii) Corporate Transaction: Personal information may be disclosed as part of a corporate transaction, such as a merger, acquisition, debt financing, sale of Company’s assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which personal information could be transferred to third parties as one of Our business assets.
4. Your Rights And Choices
4.1. The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
4.2. Access to Specific Information and Data Portability Rights.
You have the right to request that We disclose certain information to you about Our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see “Exercising Access, Data Portability, and Deletion Rights” section), we will disclose to you:
(i) The categories of personal information We collected about you.
(ii) The categories of sources for the personal information We collected about you.
(iii) Our business or commercial purpose for collecting and selling that personal information.
(iv) The categories of third parties with whom We share that personal information.
(v) The specific pieces of personal information We collected about you (also called a data portability request).
(vi) If we disclosed your personal information for a business purpose, a list with disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
4.3. Deletion Request Rights
You have the right to request that We delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once We receive and confirm your verifiable consumer request (see “Exercising Access, Data Portability, and Deletion Rights” section), We will delete (and direct our service providers to delete) your personal information from Our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for Us or Our service provider(s) to:
(i) Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you or otherwise perform our contract with you.
(ii) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
(iii) Debug products to identify and repair errors that impair existing intended functionality.
(iv) Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
(v) Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
(vi) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
(vii) Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
(viii) Comply with a legal obligation.
(ix) Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
4.4. Exercising Access, Data Portability, and Deletion Rights.
4.4.1. To exercise the access, data portability and deletion rights described above, please submit a verifiable consumer request to Us by emailing Us at support@smeshwallet.com.
4.4.2. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
4.4.3. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request
(i) Provide sufficient information that allows Us to reasonably verify that you are the person about whom We collected personal information or an authorized representative of such person; and
(ii) Describe your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it.
4.4.4. We cannot respond to your request or provide you with personal information if We cannot verify your identity or authority to make the request and confirm the personal information relates to you.
4.4.5. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
4.5. Response Timing and Format
4.5.1 We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If We require more time (up to 90 days), We will inform you of the reason and extension period in writing.
4.5.2. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response We provide will also explain the reasons We cannot comply with a request, if applicable. For data portability requests, We will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
4.5.3. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If We determine that the request warrants a fee, We will tell you why We made that decision and provide you with a cost estimate before completing your request.
4.6. Personal Information Sales Opt-Out and Opt-In Rights.
4.6.1. If you are a California resident and 16 years of age or older, you have the right to direct Us to not sell your personal information at any time (the “right to opt-out”). We do not sell the personal information of consumers We actually know are less than 16 years of age, unless We receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time.
4.6.2. To exercise the right to opt-out, you (or your authorized representative) shall submit a variable notice to support@smeshwallet.com.
4.6.3. Once you make an opt-out request, We will wait at least twelve (12) months before asking you to reauthorize personal information sales.
5. Non-Discrimination
5.1. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, We will not:
(i) Deny you goods or services.
(ii) Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
(iii) Provide you a different level or quality of goods or services.
(iv) Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
6. Changes To Our Privacy Notice
6.1. We reserve the right to amend this Privacy Notice at our discretion and at any time. When we make changes to this Privacy Notice, we will post the updated Privacy Notice on the Site and update the Privacy Notice’s effective date. Your continued use of our websites, apps and Services following the posting of changes constitutes your acceptance of such changes.
7. Contact Information
7.1. If you have any questions or comments about this Privacy Notice, the ways in which the Company collects and uses your information described here and in Our Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact our representative responsible for personal information by email at support@smeshwallet.com.
Privacy Notice 2023-12-08